AIKIDO-2026-10351

llama-index-core is vulnerable to Deserialization of Untrusted Data

Deserialization of Untrusted Data Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Mar 13, 2026

Severity score: 70 (High Risk)

This affects:

Package: llama-index-core (Python)
Affected versions: 0.9.8 - 0.14.15
Fixed in: 0.14.16

TL;DR

Affected versions of this package insecurely deserialize data in SimpleObjectNodeMapping.from_persist_dir() using an unrestricted pickle.load(), which may lead to arbitrary code execution. Because the persist directory path is configurable and the filename object_node_mapping.pickle is predictable, an attacker who can write to that directory can place a malicious pickle payload there. When the application later loads the mapping, the crafted object is deserialized and its embedded code runs with the privileges of the running process. Such write access can be obtained through vectors such as path traversal vulnerabilities, shared writable filesystems, or compromised data ingestion pipelines.
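The TL;DR above describes an unrestricted pickle.load() of a file with a predictable name under a caller-chosen directory. The following is an added example written for this page, not llama-index code: a loader that disassembles the stream with pickletools before loading and refuses any opcode that can name a Python global or call a callable, then unpickles with find_class disabled as a second check. It assumes the persisted mapping is a plain dict of literals (the real object layout is not given on the page); the two sample pickles, one literal-only and one carrying a harmless OrderedDict, are constructed here only to exercise the check.

```python
import collections
import io
import pickle
import pickletools
from pathlib import Path

# Filename named in the advisory; the persist directory itself is caller-chosen.
MAPPING_FILENAME = "object_node_mapping.pickle"

# Opcodes that let a pickle stream name a Python global or invoke a callable.
# A mapping made of plain literals never needs any of them.
UNSAFE_OPCODES = frozenset({
    "GLOBAL", "STACK_GLOBAL",          # look up module.attribute
    "REDUCE", "INST", "OBJ",           # call a callable with arguments
    "NEWOBJ", "NEWOBJ_EX",             # cls.__new__(cls, *args)
    "BUILD",                           # __setstate__ / attribute assignment
    "EXT1", "EXT2", "EXT4",            # copyreg extension registry lookups
})


def unsafe_opcodes(data: bytes) -> set:
    """Return the names of dangerous opcodes present in a pickle stream.

    pickletools.genops only disassembles; it never executes the stream,
    so it is safe to run on untrusted bytes before any load attempt.
    """
    return {op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in UNSAFE_OPCODES}


class _LiteralsOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup, as a second line of defence."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing to resolve {module}.{name} from a persisted mapping")


def load_mapping(data: bytes) -> dict:
    """Deserialize a persisted mapping only if it is built from literals alone."""
    bad = unsafe_opcodes(data)
    if bad:
        raise pickle.UnpicklingError(f"unsafe opcodes in stream: {sorted(bad)}")
    obj = _LiteralsOnlyUnpickler(io.BytesIO(data)).load()
    if not isinstance(obj, dict):
        raise pickle.UnpicklingError(f"expected dict, got {type(obj).__name__}")
    return obj


def try_load(data: bytes):
    """Return (mapping, None) on success or (None, reason) when the file is refused."""
    try:
        return load_mapping(data), None
    except (pickle.UnpicklingError, ValueError) as exc:
        return None, str(exc)


def load_from_persist_dir(persist_dir: str) -> dict:
    """Same shape as a from_persist_dir()-style loader (assumed layout)."""
    path = Path(persist_dir) / MAPPING_FILENAME
    return load_mapping(path.read_bytes())


# Constructed sample inputs: a literal-only mapping, and a harmless object
# whose pickle nevertheless has to name a class (and call it) to rebuild it.
def literal_sample() -> bytes:
    return pickle.dumps({"node-1": "doc-1", "node-2": "doc-2"})


def class_bearing_sample() -> bytes:
    return pickle.dumps(collections.OrderedDict(a=1))


if __name__ == "__main__":
    print(try_load(literal_sample()))        # mapping accepted
    print(try_load(class_bearing_sample()))  # refused before anything runs
```

The opcode scan is the important half: it rejects the file before the unpickler touches it, so nothing in the stream is ever executed. The restricted find_class is kept as defence in depth in case the allowlist is later loosened. Where the persisted data really is only literals, switching the on-disk format to JSON removes the problem class entirely.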

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

llama-index-core is vulnerable to Deserialization of Untrusted Data in versions 0.9.8 - 0.14.15.

How to fix this

Upgrade the llama-index-core library to the patched version (0.14.16 or later).