48 matches found
EUVD-2025-209086
A flaw was found in Red Hat OpenShift AI RHOAI llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user i...
CVE-2025-12805
A flaw was found in Red Hat OpenShift AI RHOAI llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user i...
CVE-2025-12805 Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy
A flaw was found in Red Hat OpenShift AI RHOAI llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user i...
CVE-2025-12805
CVE-2025-12805 describes a flaw in Red Hat OpenShift AI (RHOAI) llama-stack-operator where Llama Stack services deployed in different namespaces can be accessed via direct network requests because no NetworkPolicy restricts the llama-stack service endpoint. This allows a user in one namespace to ...
CVE-2025-12805
A flaw was found in Red Hat OpenShift AI RHOAI llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user i...
CVE-2025-12805 Llama-stack-k8s-operator: llama stack service exposed across namespaces due to missing networkpolicy
A flaw was found in Red Hat OpenShift AI RHOAI llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user i...
PT-2026-28270
A flaw was found in Red Hat OpenShift AI RHOAI llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user i...
Llama Stack 安全漏洞
Llama Stack is a core building block for simplified artificial intelligence application development, open-sourced by Meta Llama. There is a security vulnerability in Llama Stack, which stems from the lack of network policy restrictions on access to the llama-stack server endpoints. This...
langevals-ragas (>=0.1.10 <=0.1.17), llama-stack-provider-ragas (>=0.3.4 <=0.6.1) +1 more potentially affected by CVE-2025-45691 via ragas (>=0.2.6 <=0.3.0)
ragas PYPI version =0.2.6, =0.1.10, =0.3.4, =1.0.0, =1.0.1 Source cves: CVE-2025-45691 Source advisory: SNYK:PYTHON-RAGAS-15440561...
Exploit for CVE-2026-25211
Llama Stack pgvector Password Leak PoC CVE-2026-25211 Loc...
lightspeed-stack (>=0.1.1 <=0.4.0), lightspeed-stack-providers (>=0.1.10 <=0.1.18) +5 more potentially affected by CVE-2026-25211 via llama-stack (>=0.2.10.1 <=0.3.5)
llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.3.4, =0.1.0, =0.2.0, =0.3.0a0 Source cves: CVE-2026-25211 Source advisory: SNYK:PYTHON-LLAMASTACK-15166608...
Insertion of Sensitive Information into Log File
Overview llama-stack is a Llama Stack Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the pgvector.py component. An attacker can obtain sensitive information by accessing log files that contain uncensored credentials. Remediation Upgrade...
GHSA-XMFJ-7PP5-FXR6 Llama Stack exposes secret in initialization log
Llama Stack aka llama-stack before 0.4.0rc3 does not censor the pgvector password in the initialization log...
Llama Stack exposes secret in initialization log
Llama Stack aka llama-stack before 0.4.0rc3 does not censor the pgvector password in the initialization log...
lightspeed-stack (>=0.1.1 <=0.4.2), lightspeed-stack-providers (>=0.1.10 <=0.4.3) +5 more potentially affected by CVE-2026-25211 via llama-stack (>=0.2.10.1 <=0.4.3)
llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.3.4, =0.1.0, =0.2.0, =0.3.0a0 Source cves: CVE-2026-25211 Source advisory: OSV:GHSA-XMFJ-7PP5-FXR6...
CVE-2026-25211
Llama Stack aka llama-stack before 0.4.0rc3 does not censor the pgvector password in the initialization log...
CVE-2026-25211
Llama Stack aka llama-stack before 0.4.0rc3 does not censor the pgvector password in the initialization log...
EUVD-2026-5041
Llama Stack aka llama-stack before 0.4.0rc3 does not censor the pgvector password in the initialization log...
CVE-2026-25211
Llama Stack aka llama-stack before 0.4.0rc3 does not censor the pgvector password in the initialization log...
CVE-2026-25211
Llama Stack aka llama-stack before 0.4.0rc3 does not censor the pgvector password in the initialization log...