PYSEC-2026-397

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/llama-index-core/PYSEC-2026-397.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-397
Aliases
Published
2026-06-29T11:50:39.328327Z
Modified
2026-06-29T12:15:28.202385200Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
Details

A vulnerability was identified in the exec_utils class of the llama_index package, specifically within the safe_eval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw.

References

Affected packages

PyPI / llama-index-core

Package

Name
llama-index-core
View open source insights on deps.dev
Purl
pkg:pypi/llama-index-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.24

Affected versions

0.*
0.9.41
0.9.42
0.9.42.post3
0.9.43
0.9.44
0.9.44.post1
0.9.44.post2
0.9.44.post3
0.9.45
0.9.46
0.9.47
0.9.48
0.9.49
0.9.50
0.9.50.post1
0.9.51
0.9.52
0.9.53
0.9.54
0.9.55
0.9.56
0.10.0
0.10.1
0.10.2
0.10.3
0.10.5a1
0.10.5a2
0.10.5a3
0.10.5a4
0.10.5a5
0.10.5a6
0.10.5a7
0.10.5a8
0.10.5a9
0.10.5a10
0.10.5
0.10.6
0.10.6.post1
0.10.7
0.10.8
0.10.8.post1
0.10.9
0.10.10
0.10.11
0.10.11.post1
0.10.12
0.10.13
0.10.14
0.10.14.post1
0.10.15
0.10.16
0.10.16.post1
0.10.17
0.10.18
0.10.18.post1
0.10.19
0.10.20
0.10.20.post1
0.10.20.post2
0.10.20.post3
0.10.21
0.10.21.post1
0.10.22
0.10.23
0.10.23.post1
0.10.24a1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/llama-index-core/PYSEC-2026-397.yaml"