{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-25211", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-01-30T07:16:14.082Z", "datePublished": "2026-01-30T07:16:14.350Z", "dateUpdated": "2026-02-03T16:42:00.560Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Llama Stack", "vendor": "llamastack", "versions": [{"lessThan": "0.4.0rc3", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-01-30T07:22:14.986Z"}, "references": [{"url": "https://github.com/llamastack/llama-stack/pull/4439"}, {"url": "https://github.com/llamastack/llama-stack/compare/v0.4.0rc2...v0.4.0rc3"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T15:53:16.707713Z", "id": "CVE-2026-25211", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T16:42:00.560Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-25211", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-01-30T07:16:14.082Z", "datePublished": "2026-01-30T07:16:14.350Z", "dateUpdated": "2026-02-03T16:42:00.560Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Llama Stack", "vendor": "llamastack", "versions": [{"lessThan": "0.4.0rc3", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-01-30T07:22:14.986Z"}, "references": [{"url": "https://github.com/llamastack/llama-stack/pull/4439"}, {"url": "https://github.com/llamastack/llama-stack/compare/v0.4.0rc2...v0.4.0rc3"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25211", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-03T15:53:16.707713Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T15:53:22.217Z"}}]}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log."}, {"lang": "es", "value": "Llama Stack (tambi\u00e9n conocido como llama-stack) antes de 0.4.0rc3 no censura la contrase\u00f1a de pgvector en el registro de inicializaci\u00f3n."}], "id": "CVE-2026-25211", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-01-30T08:16:02.563", "references": [{"source": "cve@mitre.org", "url": "https://github.com/llamastack/llama-stack/compare/v0.4.0rc2...v0.4.0rc3"}, {"source": "cve@mitre.org", "url": "https://github.com/llamastack/llama-stack/pull/4439"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "llamastack/llama-stack: Sensitive Information Exposure Through Log Files in Llama Stack PGVector Integration", "id": "2427563", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427563"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-532", "details": ["A security issue was identified in the Llama Stack server when PGVector is used as a vector store provider. During initialization, the server logs print the PGVector database password in clear text. This occurs due to insufficient redaction of sensitive configuration fields. As a result, anyone with access to the application logs can retrieve database credentials, increasing the risk of unauthorized database access."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, ensure strict access controls are implemented for server and application logs associated with Llama Stack deployments. Restrict log file and directory access to authorized personnel only to prevent unauthorized disclosure of sensitive database credentials. Consider integrating log redaction or encryption solutions if supported by your logging infrastructure for enhanced data protection."}, "name": "CVE-2026-25211", "package_state": [{"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-llama-stack-k8s-operator-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-01-07T12:15:22Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25211\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25211"], "statement": "The vulnerability has a Low impact.The flaw involves information exposure through log files in the Llama Stack server when PGVector is configured, where database passwords are logged in plaintext.", "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-04-18T14:30:03.564952+00:00", "value": {"mitigation_remediation": ["Upgrade to Llama Stack version 0.4.0rc3 or later, which eliminates logging of pgvector passwords.", "Clear existing log files that may contain plaintext passwords and restrict log access to privileged users only.", "Implement log sanitization by configuring the application to mask sensitive data before writing to log files (e.g., use a log filter that redacts passwords)."], "summary": {"action": "Apply Patch", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "The affected product is Llama Stack by llamastack, specifically all releases prior to 0.4.0rc3. Systems running those versions contain unmasked pgvector passwords in their startup logs.", "description_and_impact": "This vulnerability causes the Llama Stack application, before version 0.4.0rc3, to write the pgvector database password in plaintext into its initialization log file. The leaked credential is a direct violation of confidentiality, allowing anyone who can read the log files to potentially authenticate to the underlying database and access or modify data. The weakness is classified as CWE-532, Sensitive Information Exposure in log data.", "risk_and_exploitability": "The CVSS score of 3.2 indicates a low severity, and the EPSS score of less than 1% suggests a very low probability of widespread exploitation. The issue is not currently listed in the CISA KEV catalog. Exploitation requires the attacker to have read access to the application\u2019s log files, which may be available locally or remotely if logs are exposed over a network. Consequently, the attack vector is inferred to be local filesystem access or remote log exposure; precise vectors are not detailed in the advisory."}}}}, "created": "2026-02-02T09:27:52.178128+00:00", "updated": "2026-04-18T14:45:03.106856+00:00", "vendors": ["llamastack", "llamastack$PRODUCT$llama_stack"]}