Pydantic-AI MCP Run Python Deno SSRF Vulnerability
Vulnerability
A vulnerability exists in the Pydantic-AI MCP Run Python tool due to an overly permissive Deno sandbox configuration. The flaw allows Python code running inside the sandbox to access the localhost interface, enabling Server-Side Request Forgery (SSRF) attacks. The 'mcp-run-python' project is archived, so the issue is unlikely to be fixed.
Impact
The vulnerability allows for SSRF attacks, where an attacker can make requests to the localhost interface of the host running the Deno sandbox.
Reproduction
To reproduce this vulnerability, configure an MCP client to use the Pydantic-AI MCP Run Python tool. Start an HTTP server on the localhost interface. Then use the MCP client to run a code snippet that fetches a resource from the localhost server. The server receives the request, demonstrating the SSRF vulnerability.
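A defender-side check for the permissive sandbox configuration described above, as an added example that is not code from this advisory or from the mcp-run-python project: it classifies whether the network permission flags on a Deno command line leave the loopback interface reachable. The function names and sample command lines are constructed for illustration; `--allow-net`, `-N`, `-A`/`--allow-all` and `--deny-net` are Deno's own permission flags, and the advisory does not state which flags the tool actually passed.

```python
import ipaddress
import shlex

def is_loopback(entry: str) -> bool:
    """True if a host[:port] entry from a Deno net list names a local interface."""
    host = entry.strip().lower()
    if host.startswith("["):                 # bracketed IPv6, e.g. [::1]:8000
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:               # hostname:port or IPv4:port
        host = host.split(":", 1)[0]
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False                         # ordinary hostname
    return ip.is_loopback or ip.is_unspecified

def audit_net_flags(command: str):
    """Return (verdict, entries); verdict is 'exposed', 'review' or 'restricted'."""
    allow_all = deny_all = False
    allowed, denied = [], []
    for arg in shlex.split(command):
        flag, _, value = arg.partition("=")
        hosts = [h for h in value.split(",") if h]
        if flag in ("-A", "--allow-all"):
            allow_all = True
        elif flag in ("--allow-net", "-N"):
            allow_all = allow_all or not hosts   # bare flag = every host
            allowed += hosts
        elif flag == "--deny-net":
            deny_all = deny_all or not hosts     # bare flag = no network at all
            denied += hosts
    if deny_all or not (allow_all or allowed):
        return "restricted", []
    denied_local = [h for h in denied if is_loopback(h)]
    if allow_all:
        # A deny list may miss other loopback names (localhost, ::1, 127.0.0.0/8).
        return ("review", denied_local) if denied_local else ("exposed", ["*"])
    local = [h for h in allowed if is_loopback(h) and h not in denied]
    return ("exposed", local) if local else ("restricted", [])

# Constructed command lines, not the flags mcp-run-python actually used.
SAMPLES = [
    "deno run --allow-net sandbox.ts",
    "deno run --allow-net --deny-net=127.0.0.1 sandbox.ts",
]
for cmd in SAMPLES:
    print(audit_net_flags(cmd)[0], "<-", cmd)
```

The check reads flags only; it does not distinguish Deno's own arguments from arguments passed through to the script, so a "restricted" verdict should still be confirmed against the running process.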
