SB2026021916 - Insufficient Technical Documentation in run-llama/llama_index library
Published: February 19, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Insufficient Technical Documentation (CVE-ID: CVE-2025-3108)
CWE-ID: CWE-1059 - Insufficient Technical Documentation
CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure fallback to Python's pickle module. A remote attacker can exploit this vulnerability by crafting malicious payloads to achieve full system compromise. The root cause includes an insecure fallback mechanism, lack of validation or safeguards, misleading design, and violation of Python security guidelines.
Remediation
Install update from vendor's website.