CVE-2026-25211
LOWSeverity by source
AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.
AnalysisAI
Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log. [CVSS 3.2 LOW]
Technical ContextAI
Classified as CWE-532 (Insertion of Sensitive Information into Log File). Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.
Affected ProductsAI
Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.
RemediationAI
Monitor vendor advisories for a patch.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-xmfj-7pp5-fxr6