CVE-2026-25211

CVSS v3.1

3.2

Low

Vector

AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Llama Stack versions prior to 0.4.0rc3

Description The software does not properly conceal the pgvector password within the initialization logs, potentially exposing sensitive credentials.

Recommendations Update to version 0.4.0rc3 or later.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2026-25211

GHSA-XMFJ-7PP5-FXR6

Affected Products

Llama Stack

Pgvector

CVE-2026-25211

Weakness Enumeration

Related Identifiers

Affected Products

References · 10