Primary

Context

Llama Stack Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Llama Stack versions prior to v0.2.20. The issue arises from the acceptance of unverified parameters in the 'resolve_ast_by_type' function, which could be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to remote code execution on the server where Llama Stack is running.

Remediation

Users can upgrade to Llama Stack version v0.2.20 or later to address this vulnerability.

Added: Sep 24, 2025, 10:14 PM

Updated: Sep 24, 2025, 10:14 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Llama Stack Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating