VDB
KO
MEDIUM 5.3

PYSEC-2026-1571

Llama Stack could potentially allow for remote code execution

Details

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / llama-stack
Introduced in: 0 Fixed in: 0.2.20
Fix pip install --upgrade 'llama-stack>=0.2.20'

References