Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolveastby_type function which could potentially allow for remote code execution.
"https://github.com/pypa/advisory-database/blob/main/vulns/llama-stack/PYSEC-2026-1571.yaml"