Cyber Posture

CVE-2024-58339

Severity: High · Public PoC

Published: 12 January 2026
Modified: 21 January 2026
KEV Added: not listed
Patch: not recorded
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0012 (30.9th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-58339 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in LlamaIndex (catalogued under vendor Llamaindex, product Llamaindex). Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The EPSS model ranks it at the 30.9th percentile for exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other AI Platforms.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).

Threat & Defense Details

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-770: This control implements explicit throttling on session allocation, addressing the weakness of allocating resources without limits.

Addresses CWE-770: Plan testing exercises resource allocation limits and throttling during simulated failures, directly addressing weaknesses that allow unbounded resource use.

Addresses CWE-770: Contingency plan updates ensure recovery strategies address unbounded resource allocation, making it harder for attackers to exploit a lack of throttling to cause prolonged outages.

Addresses CWE-770: Provides continuity when unbounded resource allocation at the primary site leads to exhaustion and downtime.

Addresses CWE-770: Alternate services allow operations to continue when the primary allocation of resources lacks limits or throttling.

Addresses CWE-770: Explicit planning of security-related actions requires defining limits, windows, and resource allocations, making allocation without throttling far less likely.

Addresses CWE-770: Measures of performance include tracking allocation behaviour and throttling effectiveness, reducing the window for resource exhaustion attacks.

Addresses CWE-770: Imposes an inactivity-based limit on network resource allocation, throttling the number of concurrently held connections.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Uncontrolled resource consumption via crafted prompts enables application exhaustion through exploitation of the VannaQueryEngine SQL execution path.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql() without enforcing query execution limits. In downstream deployments where untrusted users can supply prompts, an attacker can trigger expensive or unbounded SQL operations that exhaust CPU or memory resources, resulting in a denial-of-service condition. The vulnerable execution path occurs in llama_index/packs/vanna/base.py within custom_query().

Deeper analysis (AI-generated)

CVE-2024-58339 is an uncontrolled resource consumption vulnerability (CWE-770) affecting LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2. The issue resides in the VannaPack VannaQueryEngine implementation, specifically within the custom_query() function in llama_index/packs/vanna/base.py. This logic generates SQL statements from user-supplied prompts and executes them via vn.run_sql() without enforcing query execution limits, enabling resource exhaustion.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its potential for denial-of-service. Remote attackers require no privileges or user interaction and can exploit it over the network with low complexity. In downstream deployments where untrusted users provide prompts to the VannaQueryEngine, an attacker can supply crafted prompts that generate expensive or unbounded SQL operations, exhausting CPU or memory resources and causing a denial-of-service condition.

Advisories from sources including VulnCheck, Huntr, and the LlamaIndex GitHub repository detail the vulnerability and its exploitation path. Security practitioners should consult these references—such as https://www.vulncheck.com/advisories/llamaindex-vannaqueryengine-sql-execution-allows-resource-exhaustion and https://huntr.com/bounties/a1d6c30d-fce0-412a-bd22-14e0d4c1fa1f—for guidance on identifying affected deployments and implementing mitigations like input validation or query limits.

This issue is particularly relevant to AI/ML workflows, as LlamaIndex is a framework for building LLM-powered applications, potentially exposing data querying interfaces in production RAG systems to resource exhaustion attacks. No real-world exploitation has been reported in the provided details.
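Both the NVD description and the deeper analysis above locate the weakness in custom_query() handing LLM-generated SQL to vn.run_sql() with no execution limit. The following added example (not LlamaIndex or Vanna code) shows one way a deployment can bound that call before it reaches the database: a guard that runs the generated statement under a deterministic work budget and a row cap, so a runaway query is aborted instead of exhausting the host. It assumes an SQLite backend, because the progress-handler abort is SQLite specific; the GuardedRunner name and the orders table are constructed for the illustration.

```python
# Added defensive example, not LlamaIndex/Vanna code. Assumes an SQLite backend
# (progress-handler abort is SQLite specific); GuardedRunner and the table are constructed.
import sqlite3


class QueryBudgetExceeded(Exception):
    """Generated SQL exceeded its work budget or row cap."""


class GuardedRunner:
    """Run one generated statement under a VM-step budget and a row cap.
    SQLite calls the progress handler every `steps_per_tick` opcodes; a non-zero
    return aborts the statement, so the limit is deterministic, not wall-clock."""

    def __init__(self, conn, max_ticks=2_000, steps_per_tick=1_000, max_rows=100):
        self.conn, self.max_ticks, self.max_rows = conn, max_ticks, max_rows
        self.steps_per_tick, self._ticks = steps_per_tick, 0

    def _progress(self):
        self._ticks += 1
        return 1 if self._ticks > self.max_ticks else 0

    def run_sql(self, sql):
        self._ticks = 0
        self.conn.set_progress_handler(self._progress, self.steps_per_tick)
        try:
            rows = self.conn.execute(sql).fetchmany(self.max_rows + 1)
        except sqlite3.OperationalError as exc:
            if "interrupted" in str(exc).lower():
                raise QueryBudgetExceeded("work budget exhausted") from exc
            raise
        finally:
            self.conn.set_progress_handler(None, 0)  # never leave the hook armed
        if len(rows) > self.max_rows:  # one extra row was fetched to detect overflow
            raise QueryBudgetExceeded(f"result exceeds {self.max_rows} rows")
        return rows


def demo(max_rows=100):
    """Constructed orders table; one cheap, one runaway and one oversized query."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("CREATE TABLE orders(id INTEGER, total REAL);"
                       "INSERT INTO orders VALUES (1, 9.5), (2, 20.0), (3, 3.25);")
    runner = GuardedRunner(conn, max_rows=max_rows)
    outcome = {"cheap": runner.run_sql("SELECT id FROM orders WHERE total > 5 ORDER BY id")}
    # Recursive CTE with no terminating condition: never finishes on its own.
    runaway = "WITH RECURSIVE c(x) AS (SELECT 1 UNION ALL SELECT x + 1 FROM c) SELECT count(*) FROM c"
    for name, sql in (("runaway", runaway), ("oversized", "SELECT id FROM orders")):
        try:
            runner.run_sql(sql)
            outcome[name] = "completed"
        except QueryBudgetExceeded as exc:
            outcome[name] = str(exc)
    return outcome
```

Pair the guard with a read-only database role and a server-side statement timeout where the backend offers one; the budget here only protects the process that executes the generated SQL.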

Details

CWE(s): CWE-770 (Allocation of Resources Without Limits or Throttling)

Affected Products
Vendor: llamaindex
Product: llamaindex
Versions: ≤ 0.12.2

AI Security Analysis (AI-generated)

AI Category: Other AI Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: llama

CVEs Like This One

CVE-2024-14021 (same product: Llamaindex Llamaindex)
CVE-2024-12909 (same product: Llamaindex Llamaindex)
CVE-2026-33256 (shared CWE-770)
CVE-2026-26313 (shared CWE-770)
CVE-2025-27219 (shared CWE-770)
CVE-2026-24458 (shared CWE-770)
CVE-2025-68136 (shared CWE-770)
CVE-2026-3260 (shared CWE-770)
CVE-2025-0315 (shared CWE-770)
CVE-2026-34513 (shared CWE-770)
