Skip to main content

Llama Cpp CVE-2026-34159

| EUVD-2026-17975 CRITICAL
Buffer Overflow (CWE-119)
2026-04-01 GitHub_M
RCE Buffer Overflow Llama Cpp
9.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
CRITICAL
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 01, 2026 - 17:30 euvd
EUVD-2026-17975
Analysis Generated
Apr 01, 2026 - 17:30 vuln.today
CVE Published
Apr 01, 2026 - 16:59 nvd
CRITICAL 9.8

DescriptionGitHub Advisory

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPH_COMPUTE messages. Combined with pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE, this gives full ASLR bypass and remote code execution. No authentication required, just TCP access to the RPC server port. This issue has been patched in version b8492.

AnalysisAI

Remote code execution in llama.cpp RPC backend allows unauthenticated attackers with TCP access to achieve arbitrary memory read/write and full ASLR bypass. The vulnerability stems from missing bounds validation in deserialize_tensor() when processing GRAPH_COMPUTE messages with zero-valued buffer fields. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Connect to unprotected RPC server port
Delivery
Send ALLOC_BUFFER/BUFFER_GET_BASE messages for pointer leaks
Exploit
Craft GRAPH_COMPUTE message with zero buffer field
Execution
Bypass bounds validation and read/write arbitrary memory
Impact
Achieve ASLR bypass and execute arbitrary code
Sign in to reveal

Vulnerability AssessmentAI

Exploitation llama.cpp RPC backend must be exposed on network with TCP access. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This vulnerability represents critical real-world risk across multiple threat intelligence signals. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker identifies an internet-exposed llama.cpp RPC server port through network scanning. Without authentication, they establish a TCP connection and send specially crafted ALLOC_BUFFER and BUFFER_GET_BASE messages to leak process memory addresses, defeating ASLR protections. …
Remediation Immediately upgrade llama.cpp to version b8492 or later, corresponding to commit 39bf0d3c6a95803e0f41aaba069ffbee26721042 or any subsequent release. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all systems running llama.cpp RPC backend and isolate them from untrusted networks; document inventory with versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical

Share

CVE-2026-34159 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy