CVE-2024-14021
Unsafe Deserialization in LlamaIndex BGEM3Index Enables Code Execution
Publication date: 2026-01-12
Last updated on: 2026-01-12
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| run-llama | llama_index | up to and including 0.11.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-14021 is an unsafe deserialization vulnerability in LlamaIndex versions up to 0.11.6. It occurs in the BGEM3Index.load_from_disk() function, which uses Python's pickle.load() to deserialize a file named multi_embed_store.pkl from a user-supplied directory without validating the file. An attacker who can provide a malicious pickle file in this directory can execute arbitrary code when the victim loads the index from disk. [1]
How can this vulnerability impact me?
This vulnerability can lead to arbitrary code execution on the victim's system if they load a maliciously crafted persist directory containing a harmful pickle file. This means an attacker could potentially take control of the affected system, compromising confidentiality, integrity, and availability of data and resources. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if the vulnerable function BGEM3Index.load_from_disk() is used to deserialize the file multi_embed_store.pkl from a user-supplied persist_dir without validation. Since the vulnerability involves unsafe deserialization using Python's pickle.load(), you can check for the presence of multi_embed_store.pkl files in persist directories and monitor or audit the loading of these files in your environment. Specific commands are not provided in the available resources. [1]
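One way to carry out the file audit described above, as an added example that is not part of the original advisory or of LlamaIndex: it walks a directory tree for multi_embed_store.pkl and lists the imports each file would perform, reading opcodes with pickletools and never unpickling. The function names, the allow-list policy and the two sample pickles are assumptions constructed for illustration.

```python
import collections
import pickle
import pickletools
from pathlib import Path

TARGET_NAME = "multi_embed_store.pkl"  # file name given in the advisory
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
MEMO_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}

def imported_globals(data: bytes) -> list[str]:
    """List every 'module.name' the pickle would import, without unpickling it."""
    found, tail = [], []  # tail: string constants pushed just before this opcode
    try:
        for op, arg, _pos in pickletools.genops(data):
            if op.name in STRING_OPS:
                tail.append(arg)
            elif op.name in MEMO_OPS:
                continue  # memo writes do not change the stack
            else:
                if op.name == "GLOBAL":  # protocols 0-3: arg is "module name"
                    found.append(arg.replace(" ", ".", 1))
                elif op.name == "STACK_GLOBAL":  # protocol 4+: names come from the stack
                    found.append(".".join(tail[-2:]) if len(tail) >= 2
                                 else "<unresolved STACK_GLOBAL>")
                tail = []
    except Exception as exc:  # truncated or malformed stream
        found.append(f"<malformed pickle: {exc}>")
    return found

def findings(data: bytes, allowed_modules=frozenset()) -> list[str]:
    """Imports whose top-level module is not allow-listed (assumed policy)."""
    return [g for g in imported_globals(data)
            if g.split(".")[0] not in allowed_modules]

def scan_persist_dirs(root, allowed_modules=frozenset()) -> dict:
    """Map each multi_embed_store.pkl under root to its non-allow-listed imports."""
    report = {}
    for path in Path(root).rglob(TARGET_NAME):
        hits = findings(path.read_bytes(), allowed_modules)
        if hits:
            report[str(path)] = hits
    return report

# Constructed samples: plain data, and a harmless object that needs an import.
PLAIN = pickle.dumps({"doc-1": [0.12, 0.5]})
WITH_IMPORT = pickle.dumps(collections.OrderedDict(a=1))
```

An empty result only means no import opcode outside the allow-list was found; treat it as triage for which files to quarantine and review, not as proof that a file is safe to unpickle.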
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding loading indexes from untrusted or user-supplied persist directories that may contain malicious pickle files. Do not use versions of LlamaIndex up to and including 0.11.6 that contain this unsafe deserialization vulnerability. Instead, update to a version where this issue is fixed or implement validation/sanitization of the pickle files before deserialization to prevent arbitrary code execution. [1]