AVE-2025-0044 — Schema Poisoning Attack

Schema Poisoning Attack

🟠 HIGH structural proven AVE-2025-0044

· aka: Pydantic Exploitation, Validation Bypass

Summary

Five distinct attack patterns exploit structured output validation (Pydantic, JSON Schema). Attackers craft inputs that pass schema validation while containing malicious payloads in unexpected fields.

Blast Radius

Validated data contains hidden malicious content. Downstream systems trust schema-validated input.

Prerequisites

Agent using structured output with schema validation (Pydantic, JSON Schema, etc.).

Environment

Frameworks: LangGraph
Models tested: [Available in NAIL SDK]
Multi-agent: No
Tools required: Yes
Memory required: No

AVE-2025-0019
AVE-2025-0020

🛡️ NAIL Institute — AVE Database

Schema Poisoning Attack

Summary

Blast Radius

Prerequisites

Environment

Related