CVE-2026-25211
LOW
Pypi Llama-stack < 0.4.4 - Log Information Exposure
Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.
Exploits (2)
github
WORKING POC
10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-25211
nomisec
WORKING POC
1 star
by mbanyamer · poc
https://github.com/mbanyamer/Llama-Stack-0.4.0rc3-local-CVE-2026-25211
Scores
CVSS v3
3.2
EPSS
0.0001
EPSS Percentile
0.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (2)
llamastack/Llama Stack
< 0.4.0rc3
pypi/llama-stack
0 - 0.4.4 (PyPI)
Published
Jan 30, 2026
Tracked Since
Feb 18, 2026