SB2026021916 - Insufficient Technical Documentation in run-llama/llama_index library
Published: February 19, 2026
Security Bulletin ID
SB2026021916
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Insufficient Technical Documentation (CVE-ID: CVE-2025-3108)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure fallback to Python's pickle module. A remote attacker can exploit this vulnerability by crafting malicious payloads to achieve full system compromise. The root cause includes an insecure fallback mechanism, lack of validation or safeguards, misleading design, and violation of Python security guidelines.
Remediation
Install update from vendor's website.