CRITICAL🇵🇱 Wersja polska

CVE-2026-34159

CVSS 9.8v3.1pub. 2026-04-01upd. 2026-04-30

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPH_COMPUTE messages. Combined with pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE, this gives full ASLR bypass and remote code execution. No authentication required, just TCP access to the RPC server port. This issue has been patched in version b8492.

🤖 AI Analysis
How it works

The deserialize_tensor() function in the RPC backend completely skips bounds validation when the tensor buffer field has a value of 0. An attacker can send crafted GRAPH_COMPUTE messages to read and write arbitrary memory areas of the process. Additional ALLOC_BUFFER and BUFFER_GET_BASE messages enable pointer leakage, allowing ASLR bypass. Only TCP access to the RPC server port is needed to carry out the attack — authentication is not required.

Impact

An attacker without any privileges can gain full control over the process, including executing arbitrary code remotely (RCE), as well as reading or modifying sensitive data in the process memory.

Mitigation & patch

Update llama.cpp to version b8492 or later, where the bug has been fixed. If an immediate update is not possible, block access to the RPC server port at the firewall level and restrict it exclusively to trusted hosts.

Who is affected

llama.cpp (Ggml) in all versions prior to b8492, when the RPC backend is active and the RPC server is accessible over the network.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ggml Llama.cpp

    APP
    Ggml
    < b8492
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth BypassDeserialization
CWE
References

Related vulnerabilities

CVE-2024-42479CRITICAL10.0PL ✓ten sam produkt

Zapis pod dowolny adres pamięci w llama.cpp poprzez wskaźnik rpc_tensor

CVE-2026-33298HIGH7.8ten sam produkt

llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in...

CVE-2026-27940HIGH7.8ten sam produkt

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gg...

CVE-2026-21869HIGH8.8ten sam produkt

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parame...

CVE-2025-52566HIGH8.6ten sam produkt

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsign...