Home

Description

Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.

PUBLISHED Reserved 2026-01-30 | Published 2026-01-30 | Updated 2026-01-30 | Assigner mitre




LOW: 3.2CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Problem types

CWE-532 Insertion of Sensitive Information into Log File

Product status

Default status
unaffected

Any version before 0.4.0rc3
affected

References

github.com/llamastack/llama-stack/pull/4439

github.com/...tack/llama-stack/compare/v0.4.0rc2...v0.4.0rc3

cve.org (CVE-2026-25211)

nvd.nist.gov (CVE-2026-25211)

Download JSON