CVE-2024-41950: Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vecto
Summary
Haystack is a framework for building applications with LLMs (large language models) and AI tools. Versions before 2.3.1 have a critical vulnerability: attackers who can create and render Jinja2 templates (Jinja2 is a template engine that generates dynamic text) can execute arbitrary code. This affects Haystack clients that allow users to create and run Pipelines, which are workflows that process data through multiple steps.
Solution / Mitigation
The vulnerability has been fixed in Haystack version 2.3.1. Users should upgrade to this version or later.
Vulnerability Details
7.5 (high)
EPSS: 1.6%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-41950
First tracked: February 15, 2026 at 08:36 PM