Skip to main content

pydantic-settings CVE-2026-58203

| EUVDEUVD-2026-41878 MEDIUM
Path Traversal (CWE-22)
2026-07-06 GitHub_M
5.3
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.3 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
vuln.today AI
5.3 MEDIUM

Write access to secrets_dir required (PR:L, AV:L); partial C/I/A since impact is limited to settings-loaded file contents and size-cap bypass.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Patch available
Jul 06, 2026 - 17:01 EUVD
Analysis Generated
Jul 06, 2026 - 16:51 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 86 pypi packages depend on pydantic-settings (78 direct, 8 indirect)

Ecosystem-wide dependent count for version 2.12.0.

DescriptionCVE.org

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secrets_dir. When secrets_nested_subdir=True, a directory entry inside secrets_dir that is a symbolic link pointing outside secrets_dir is followed, so files outside the configured directory are read into settings values. The same code path bypasses the documented secrets_dir_max_size protection. An attacker or lower-privileged component able to influence entries in the configured secrets directory (for example, a writable or shared secrets mount) can turn this into an unintended local file read into settings and can defeat the advertised loading-size cap. This vulnerability is fixed in 2.14.2.

AnalysisAI

Symlink traversal in pydantic-settings 2.12.0-2.14.1 allows a local low-privileged attacker with write access to the configured secrets directory to read arbitrary files from the host filesystem into application settings when secrets_nested_subdir=True. The same code path also bypasses the secrets_dir_max_size loading cap, undermining an advertised safety control. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain write access to shared secrets_dir
Delivery
Create symlink inside secrets_dir targeting sensitive host file
Exploit
Trigger application settings reload (restart or live reload)
Execution
NestedSecretsSettingsSource follows symlink outside directory boundary
Persist
Sensitive file contents loaded into application settings
Impact
Data exposed via application behavior, logs, or API responses

Vulnerability AssessmentAI

Exploitation Exploitation requires two concrete conditions: (1) the application must instantiate NestedSecretsSettingsSource with secrets_nested_subdir=True - this is a non-default opt-in configuration, not enabled by default; (2) the attacker or a lower-privileged process must have write access to the configured secrets_dir, for example via a shared or world-writable mount. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, score 5.3) accurately characterizes the attack surface: local access with low privileges is required, complexity is low, and no user interaction is needed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A lower-privileged sidecar container or compromised process sharing a writable Kubernetes secrets volume creates a symbolic link inside the application's secrets_dir - for example, secrets/db/password -> /etc/shadow - and waits for the application to restart or reload configuration. When the application initializes NestedSecretsSettingsSource with secrets_nested_subdir=True, the symlink is followed and the contents of /etc/shadow are loaded into the db.password settings field, potentially surfacing in logs, error messages, or downstream API responses. …
Remediation Upgrade pydantic-settings to version 2.14.2, the vendor-confirmed fix per the GitHub Security Advisory GHSA-4xgf-cpjx-pc3j (https://github.com/pydantic/pydantic-settings/security/advisories/GHSA-4xgf-cpjx-pc3j). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-58203 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy