Skip to main content

whisper.cpp CVE-2026-10298

| EUVD-2026-33831 LOW
NULL Pointer Dereference (CWE-476)
2026-06-01 VulDB GHSA-jx42-8f9x-g57f
Null Pointer Dereference Denial Of Service Whisper Cpp
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 01, 2026 - 23:30 vuln.today
CVSS changed
Jun 01, 2026 - 23:22 NVD
3.3 (LOW) 1.9 (LOW)

DescriptionCVE.org

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Null pointer dereference in whisper.cpp up to version 1.8.2 allows a local authenticated attacker to crash the application via a crafted input during model loading. The vulnerable code path is the whisper_model_load function within ggml/src/ggml.c, resulting in a limited availability impact (application denial of service) with no confidentiality or integrity consequences. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local low-privilege shell access
Delivery
Supply crafted or malformed model file
Exploit
Invoke whisper_model_load with malicious input
Execution
Null pointer dereference triggered in ggml/src/ggml.c
Impact
whisper.cpp process crashes (application DoS)
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Local, authenticated access with low privileges is required - the CVSS 4.0 vector confirms AV:L (local attack vector) and PR:L (low privileges required), meaning the attacker must already have a shell or equivalent access on the target host. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The real-world risk of this vulnerability is very low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with standard (low-privilege) account access on a system running whisper.cpp crafts or supplies a malformed model file to the application. When whisper_model_load processes the file, the missing null check causes an immediate null pointer dereference, crashing the whisper.cpp process. …
Remediation No vendor-released patch has been identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10298 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy