Vulnerabilities

- LlamaIndex <= 0.12.2 vannaqueryengine sql execution allows resource exhaustion CVE-2024-58339

2026-01-13 0 views admin

CVE ID : CVE-2024-58339 Published : Jan. 12, 2026, 11:15 p.m. | 1 hour, 35 minutes ago Description : LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql() without enforcing query execution limits In downstream deployments where untrusted users can supply prompts, an attacker can trigger expensive or unbounded SQL operations that exhaust CPU or memory resources, resulting in a denial-of-service condition. The vulnerable execution path occurs in llama_index/packs/vanna/base.py within custom_query(). Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2024-58339

Severity

HIGH

Published

Jan. 12, 2026

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2024-58339high

- LlamaIndex <= 0.12.2 vannaqueryengine sql execution allows resource exhaustion CVE-2024-58339

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-9427 - Admin reflected XSS - Guide

CVE-2025-14507 - EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - unauthenticated

CVE-2025-11669 - Broken Access Control

Update: CVE-2026-0880 - Sandbox escape due to integer overflow in the Graphics component

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting