Description
Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.
Published: 2026-01-30
Score: 3.2 Low
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Apply Patch
AI Analysis

Impact

This vulnerability causes Llama Stack, before version 0.4.0rc3, to write the pgvector database password in plaintext to its initialization log. The leaked credential is a direct loss of confidentiality: anyone who can read the log (or any system the log is shipped to) can potentially authenticate to the underlying PostgreSQL/pgvector database and access or, depending on the privileges granted to that account, modify its data. The weakness is classified as CWE-532, Insertion of Sensitive Information into Log File.

Affected Systems

The affected product is Llama Stack by llamastack, all releases prior to 0.4.0rc3. Only deployments that configure the pgvector integration with a password are exposed; on those systems the password appears unmasked in the startup log of every vulnerable release.

Risk and Exploitability

The CVSS 3.1 base score of 3.2 (AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N) rates the issue Low: local attack vector, high attack complexity, no privileges or user interaction required, and a changed scope because the leaked credential belongs to a different component (the database) than the one carrying the flaw. The EPSS score below 1% suggests a very low probability of exploitation in the wild, and the issue is not listed in the CISA KEV catalog; the SSVC assessment recorded on the CVE (Exploitation: none, Automatable: no, Technical Impact: partial) is consistent with this. Exploitation requires read access to the application’s log output, whether on the local filesystem, in a container’s captured stdout/stderr, or in a log aggregation system the logs are forwarded to. Precise vectors beyond this are not detailed in the advisory.

Generated by OpenCVE AI on April 18, 2026 at 14:30 UTC.

Remediation

No vendor fix or workaround is recorded in this entry. Per the description, the issue is addressed in 0.4.0rc3 and later (see GHSA-xmfj-7pp5-fxr6 under Advisories).

OpenCVE Recommended Actions

  • Upgrade to Llama Stack version 0.4.0rc3 or later, which no longer logs the pgvector password.
  • Treat the logged password as compromised: rotate the pgvector database credential, then purge or redact existing log files and any copies held by log shipping or aggregation systems, and restrict log access to privileged users only.
  • Implement log sanitization so sensitive data is masked before it is written (e.g., a log filter that redacts password fields and the credential portion of database URLs), and verify after a restart by searching the startup log for the password value.
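The following is an added example, not Llama Stack's own code, showing the two remediation steps above side by side: a `logging.Filter` that redacts password values (in key=value form, in dumped dict/JSON form, and inside `postgres://` URLs) before a record reaches the handler, and a scanner that flags lines in existing logs where a password value is still in the clear. The config field names (`host`, `port`, `db`, `user`, `password`), the logger names and the sample log lines are constructed for illustration and are not the project's real schema or output.

```python
"""Added example (not Llama Stack code): redact passwords at the log handler
and triage existing logs for leaked database credentials."""
from __future__ import annotations

import io
import logging
import re

REDACTED = "********"

# Constructed pgvector-style config; the field names are an assumption for
# illustration, not the project's real configuration schema.
SAMPLE_CONFIG = {
    "host": "db.internal",
    "port": 5432,
    "db": "vectors",
    "user": "llama",
    "password": "s3cr3t-pw",
}

# password=VAL, password: VAL, 'password': 'VAL', "password": "VAL"
_KV_RE = re.compile(
    r"""(?P<key>['"]?password['"]?\s*[:=]\s*)(?P<q>['"]?)(?P<val>[^'"\s,}]+)(?P=q)""",
    re.IGNORECASE,
)
# credential part of postgres://USER:PASS@host or postgresql://USER:PASS@host
_URL_RE = re.compile(r"(?P<prefix>postgres(?:ql)?://[^:/@\s]+:)(?P<pw>[^@\s]+)@")


def redact(text: str) -> str:
    """Replace every password value in the text with REDACTED."""
    text = _KV_RE.sub(
        lambda m: f"{m.group('key')}{m.group('q')}{REDACTED}{m.group('q')}", text
    )
    return _URL_RE.sub(lambda m: f"{m.group('prefix')}{REDACTED}@", text)


class RedactSecretsFilter(logging.Filter):
    """Rewrite the fully formatted message so %-args are covered too."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None  # already interpolated; prevent a second formatting
        return True


def init_pgvector_log(config: dict, redacting: bool) -> str:
    """Emit startup lines in the style the advisory describes and return the
    text that landed in the log. The filter is attached to the handler, not
    the logger, so it also covers records propagated from child loggers."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(name)s: %(message)s"))
    if redacting:
        handler.addFilter(RedactSecretsFilter())
    logger = logging.getLogger(f"example.pgvector.{'safe' if redacting else 'leaky'}")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)

    url = (
        f"postgresql://{config['user']}:{config['password']}"
        f"@{config['host']}:{config['port']}/{config['db']}"
    )
    # Vulnerable pattern: the whole config dict (password included) is logged.
    logger.info("Initializing pgvector provider with config %s", config)
    logger.info("Connecting to %s", url)
    handler.flush()
    return stream.getvalue()


def find_leaks(log_text: str) -> list[tuple[int, str]]:
    """Return (line number, line) for every line carrying an unredacted
    password value; use it to triage logs written by an unpatched version."""
    leaks = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        values = [m.group("val") for m in _KV_RE.finditer(line)]
        values += [m.group("pw") for m in _URL_RE.finditer(line)]
        if any(v != REDACTED for v in values):
            leaks.append((n, line))
    return leaks


if __name__ == "__main__":
    leaky = init_pgvector_log(SAMPLE_CONFIG, redacting=False)
    print("leaked lines:", [n for n, _ in find_leaks(leaky)])
    print(init_pgvector_log(SAMPLE_CONFIG, redacting=True))
```

The filter rewrites `record.msg` after interpolating `record.args`, which matters here because the vulnerable pattern passes the config dict as a `%s` argument rather than pre-formatting it into the message string. Redaction at the handler is a safety net, not a substitute for the upgrade: a value logged through a path without the filter (a different handler, a third-party library with its own sink) still leaks.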


Tracking


Advisories
Source | ID | Title
Github GHSA | GHSA-xmfj-7pp5-fxr6 | Llama Stack exposes secret in initialization log
History

Tue, 03 Feb 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics ssvc | | {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 03 Feb 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Llamastack; Llamastack llama Stack
Vendors & Products | | Llamastack; Llamastack llama Stack

Fri, 30 Jan 2026 12:15:00 +0000

Type | Values Removed | Values Added
Title | | llamastack/llama-stack: Sensitive Information Exposure Through Log Files in Llama Stack PGVector Integration
References | |
Metrics threat_severity | None | Low


Fri, 30 Jan 2026 07:30:00 +0000

Type | Values Removed | Values Added
Description | | Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.
Weaknesses | | CWE-532
References | |
Metrics cvssV3_1 | | {'score': 3.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-02-03T16:42:00.560Z

Reserved: 2026-01-30T07:16:14.082Z

Link: CVE-2026-25211

Vulnrichment

Updated: 2026-02-03T15:53:22.217Z

NVD

Status: Deferred

Published: 2026-01-30T08:16:02.563

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-25211

Redhat

Severity : Low

Public Date: 2026-01-07T12:15:22Z

Links: CVE-2026-25211 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T14:45:03Z

Weaknesses