PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-58339 run-llama CVE debrief

CVE-2024-58339 is an uncontrolled resource consumption vulnerability in LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2. The VannaPack VannaQueryEngine implementation allows an attacker to trigger expensive or unbounded SQL operations via the custom_query() logic, leading to a denial-of-service condition. This issue occurs in llama_index/packs/vanna/base.py within custom_query(). Affected users should be aware of this vulnerability and take steps to mitigate it, especially in downstream deployments where untrusted users can supply prompts.

Vendor
run-llama
Product
llama_index
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-12
Original CVE updated
2026-07-14
Advisory published
2026-01-12
Advisory updated
2026-07-14

Who should care

Users of LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 should be aware of this vulnerability and take steps to mitigate it, especially in downstream deployments where untrusted users can supply prompts. Operators, platform administrators, vulnerability management teams, and security teams should review their deployments and implement necessary controls.

Technical summary

The custom_query() logic in LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 generates SQL statements from user-supplied prompts and executes them via vn.run_sql() without enforcing query execution limits. This allows an attacker to trigger expensive or unbounded SQL operations that exhaust CPU or memory resources, resulting in a denial-of-service condition. The vulnerability is located in llama_index/packs/vanna/base.py within custom_query(). Affected deployments should prioritize updates and implement query execution limits.

Defensive priority

High priority should be given to updating LlamaIndex (run-llama/llama_index) to a version beyond 0.12.2 to prevent exploitation of this uncontrolled resource consumption vulnerability. Additionally, implementing query execution limits and monitoring for suspicious SQL operations are crucial defensive measures.

Recommended defensive actions

  • Update LlamaIndex (run-llama/llama_index) to a version beyond 0.12.2.
  • Implement query execution limits in downstream deployments.
  • Monitor for suspicious SQL operations in LlamaIndex deployments.
  • Restrict user input to prevent supplying malicious prompts.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-01-12T23:15:51.630Z and was last modified on 2026-07-14T23:17:18.020Z. The NVD entry is currently Analyzed. This vulnerability affects LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2. The VannaPack VannaQueryEngine implementation allows an attacker to trigger expensive or unbounded SQL operations via the custom_query() logic, leading to a denial-of-service condition. The vulnerable execution path occurs in llama_index/packs/vanna/base.py within custom_query(). Users should verify their deployments and review official advisories for mitigation strategies.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-12T23:15:51.630Z and has not been modified since then. The NVD entry is currently Analyzed.