Strixa AI

Signal Detail


Code. Tracked since May 20, 2026.

Guard unbounded recursive walkers in llama-index against nested-input crashes

This PR applies one security/correctness fix pattern to four public-path recursive walkers in `llama-index-core`: each walker gets guarded handling for `RecursionError`, so extremely deep dict/list inputs no longer crash core pipelines. The vulnerability pattern addressed earlier in related work (CVE-2025-5302/5472) is now closed for chat serialization, selector parsing, graph value sanitization, and text-to-cypher cleanup by replacing hard failures with controlled fallbacks.

Tags: llama-index-core, RecursionError, ChatMessage._recursive_serialization, SelectionOutputParser._filter_dict

Signal Intelligence

Confidence level: 97%
Worth continued tracking: final score 82% with 1 evidence item.
Primary impact areas: llama-index-core, RecursionError, ChatMessage._recursive_serialization

What Happened

  • The PR wraps four public-path recursive walkers in `llama-index-core` (chat message serialization, selector output parsing, graph value sanitization, and text-to-cypher cleanup) with guarded handling for `RecursionError`, so extremely deep dict/list inputs no longer crash core pipelines. It closes the same vulnerability pattern addressed earlier in related work (CVE-2025-5302/5472) by replacing hard failures with controlled fallbacks.
  • 1 evidence item attached for review.

What is Different

Before

Scattered source updates, isolated context, and manual follow-up across multiple feeds.

Now

Explicit `try/except RecursionError` protection is implemented in four recursive walkers, with a graceful-degradation behaviour chosen per call site: chat message serialization returns an empty dict and logs a warning, selector parsing raises `OutputParserException('Selector output JSON is too deeply nested to parse.')`, and the graph value sanitizer and text-to-cypher cleaner return `None` instead of propagating the crash. Deeply nested input from external sources therefore fails in a contained way rather than taking down the surrounding API flow.
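The guard pattern described above, written out as an added example. This is not code from llama-index or from the PR: `_walk`, the three guarded wrappers, the `fallback_counts` metric and `walk_bounded` are all hypothetical names chosen to show the shape of the fix (the "Why It Matters" note below asks teams to watch for silent fallbacks, which is what the counter is for), and `walk_bounded` goes beyond the PR by showing an explicit depth cap as an alternative to catching `RecursionError`. The deep payload is constructed inline.

```python
"""Added example (not llama-index's own code): guard a recursive dict/list
walker against RecursionError, and an explicit depth cap as an alternative.

All names here are hypothetical illustrations of the fix's shape.
"""
import logging
import sys

logger = logging.getLogger(__name__)

# Per-call-site counter so the "silent" fallbacks are at least observable.
fallback_counts = {"serialize": 0, "selector": 0, "sanitize": 0}


class OutputParserException(Exception):
    """Stand-in for the parser exception named in the signal (assumed name)."""


def _walk(value):
    """Unguarded recursive walker: copies dicts/lists, stringifies other leaves."""
    if isinstance(value, dict):
        return {str(k): _walk(v) for k, v in value.items()}
    if isinstance(value, list):
        return [_walk(v) for v in value]
    if isinstance(value, (str, int, float, bool)) or value is None:
        return value
    return str(value)


def serialize_unguarded(payload):
    """'Before' behaviour: a RecursionError escapes to the caller."""
    return _walk(payload)


def serialize_guarded(payload):
    """Chat-serialization style fallback: empty dict plus a warning."""
    try:
        return _walk(payload)
    except RecursionError:
        fallback_counts["serialize"] += 1
        logger.warning("payload too deeply nested to serialize; returning {}")
        return {}


def parse_selector_guarded(payload):
    """Selector-parsing style fallback: explicit parser exception."""
    try:
        return _walk(payload)
    except RecursionError as exc:
        fallback_counts["selector"] += 1
        raise OutputParserException(
            "Selector output JSON is too deeply nested to parse."
        ) from exc


def sanitize_guarded(payload):
    """Graph / text-to-cypher cleaner style fallback: None instead of a crash."""
    try:
        return _walk(payload)
    except RecursionError:
        fallback_counts["sanitize"] += 1
        return None


def walk_bounded(value, max_depth=64, _depth=0):
    """Alternative design (not in the PR): an explicit depth cap that does not
    depend on the interpreter's recursion limit or on the caller's stack depth."""
    if _depth > max_depth:
        raise ValueError(f"nesting deeper than {max_depth} levels")
    if isinstance(value, dict):
        return {str(k): walk_bounded(v, max_depth, _depth + 1) for k, v in value.items()}
    if isinstance(value, list):
        return [walk_bounded(v, max_depth, _depth + 1) for v in value]
    return _walk(value)


def nested(depth):
    """Constructed input: a dict nested `depth` levels deep (built iteratively)."""
    value = "leaf"
    for _ in range(depth):
        value = {"v": value}
    return value


def hostile_payload():
    """Constructed input deep enough to exhaust the recursion limit with margin."""
    return nested(sys.getrecursionlimit() * 5)


def crashes_unguarded(payload):
    """True if the 'before' walker dies with RecursionError on this payload."""
    try:
        serialize_unguarded(payload)
    except RecursionError:
        return True
    return False


if __name__ == "__main__":
    deep = hostile_payload()
    print("unguarded crashes:", crashes_unguarded(deep))
    print("guarded serialize:", serialize_guarded(deep))
    print("guarded sanitize:", sanitize_guarded(deep))
    try:
        parse_selector_guarded(deep)
    except OutputParserException as e:
        print("selector:", e)
    print("fallbacks:", fallback_counts)
```

Two practitioner caveats the example makes visible. Catching `RecursionError` at the walker's entry means the effective nesting threshold is whatever stack the caller has already consumed plus the interpreter limit, so the same payload can pass in one code path and fall back in another; an explicit cap like `walk_bounded` gives a deterministic, documented limit and rejects the input before any work is spent on it. And because two of the three fallbacks return a value rather than raising, the counter (or an equivalent metric) is what lets operators notice that payloads are being silently dropped.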

Why Track This

Why It Matters

Applications that use llama-index for LLM tool responses, persisted chat history, or graph-backed retrieval are now less likely to suffer whole-request crashes from deeply nested payloads: operators and developers get a stable service instead of abrupt `RecursionError`/serialization aborts. Technically, four vulnerable entry points now trap uncontrolled recursion and convert it into a contained outcome (empty dict, explicit parser exception, or `None`) rather than an unhandled stack failure. Two things still need attention: the `None`/empty-dict fallbacks can mask payload loss, so teams should monitor how often they fire in normal workloads, and other recursive traversal paths that remain unbounded warrant continued review.


What To Watch Next

  • Watch whether llama-index-core becomes a repeated pattern.
  • Track follow-up changes around AI Security.
  • Compare future signals against this evidence trail.
  • Re-check risk flags: other_recursive_walkers_without_recursion_guards, fallback_none_or_empty_dict_masking_payload_integrity, rise_in_outputparserexception_volume, untested_nested_input_edge_cases.

Supporting Evidence

GitHub pull request (high trust)

run-llama/llama_index PR #21647: fix(core): guard four recursive walkers against RecursionError DoS

Public llama-index call paths now catch uncontrolled recursion from deeply nested external data instead of bubbling a raw recursion failure.