Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Write access to secrets_dir required (PR:L, AV:L); partial C/I/A since impact is limited to settings-loaded file contents and size-cap bypass.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2Blast Radius
ecosystem impact- 86 pypi packages depend on pydantic-settings (78 direct, 8 indirect)
Ecosystem-wide dependent count for version 2.12.0.
DescriptionCVE.org
pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secrets_dir. When secrets_nested_subdir=True, a directory entry inside secrets_dir that is a symbolic link pointing outside secrets_dir is followed, so files outside the configured directory are read into settings values. The same code path bypasses the documented secrets_dir_max_size protection. An attacker or lower-privileged component able to influence entries in the configured secrets directory (for example, a writable or shared secrets mount) can turn this into an unintended local file read into settings and can defeat the advertised loading-size cap. This vulnerability is fixed in 2.14.2.
AnalysisAI
Symlink traversal in pydantic-settings 2.12.0-2.14.1 allows a local low-privileged attacker with write access to the configured secrets directory to read arbitrary files from the host filesystem into application settings when secrets_nested_subdir=True. The same code path also bypasses the secrets_dir_max_size loading cap, undermining an advertised safety control. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two concrete conditions: (1) the application must instantiate NestedSecretsSettingsSource with secrets_nested_subdir=True - this is a non-default opt-in configuration, not enabled by default; (2) the attacker or a lower-privileged process must have write access to the configured secrets_dir, for example via a shared or world-writable mount. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, score 5.3) accurately characterizes the attack surface: local access with low privileges is required, complexity is low, and no user interaction is needed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A lower-privileged sidecar container or compromised process sharing a writable Kubernetes secrets volume creates a symbolic link inside the application's secrets_dir - for example, secrets/db/password -> /etc/shadow - and waits for the application to restart or reload configuration. When the application initializes NestedSecretsSettingsSource with secrets_nested_subdir=True, the symlink is followed and the contents of /etc/shadow are loaded into the db.password settings field, potentially surfacing in logs, error messages, or downstream API responses. … |
| Remediation | Upgrade pydantic-settings to version 2.14.2, the vendor-confirmed fix per the GitHub Security Advisory GHSA-4xgf-cpjx-pc3j (https://github.com/pydantic/pydantic-settings/security/advisories/GHSA-4xgf-cpjx-pc3j). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41878