Skip to main content

ncnn EUVDEUVD-2026-44794

| CVE-2026-50144 HIGH
Improper Input Validation (CWE-20)
2026-07-15 GitHub_M
7.1
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.1 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
vuln.today AI
7.1 HIGH

Exploitation needs a victim to load a malicious local model file, so AV:L and UI:R with PR:N; a heap-write corruption yields I:H/A:H but no disclosure, so C:N.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch available
Jul 15, 2026 - 22:33 EUVD
Source Code Evidence Fetched
Jul 15, 2026 - 20:32 vuln.today
Analysis Generated
Jul 15, 2026 - 20:32 vuln.today
CVE Published
Jul 15, 2026 - 20:04 cve.org
HIGH 7.1

DescriptionCVE.org

ncnn is a high-performance neural network inference framework optimized for the mobile platform. In commit e54f7b1f88434e1d844ea0551b880a1cfb079ce1 and earlier, ncnn allows an out-of-bounds heap write in ncnn::ParamDict::load_param() when Net::load_param() loads a malicious .param model file because the parsed parameter id is checked only against id >= NCNN_MAX_PARAM_COUNT, allowing a negative id to index before the params[NCNN_MAX_PARAM_COUNT] array. This vulnerability is fixed by commit 5a0288f255daa6c3294f77109f67718e434ec020.

AnalysisAI

Out-of-bounds heap write in Tencent's ncnn neural-network inference framework allows a crafted .param model file to corrupt heap memory when parsed by Net::load_param(). Because ParamDict::load_param() and load_param_bin() validated the parsed parameter id only against the upper bound (id >= NCNN_MAX_PARAM_COUNT), a negative id indexes before the params[] array, giving an attacker a write primitive below the allocated buffer. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft .param with negative parameter id
Delivery
Deliver malicious model to victim app
Exploit
Victim calls Net::load_param()
Execution
Bounds check misses negative id
Persist
Out-of-bounds heap write below params[]
Impact
Heap corruption, DoS or potential code execution

Vulnerability AssessmentAI

Exploitation Exploitation requires the target application to call Net::load_param() (or the binary load_param_bin path) on an attacker-controlled .param/.param.bin file whose parsed parameter id is negative - that specific malformed field IS the trigger. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H, base 7.1) captures the profile well: the vector is local because exploitation requires the victim application to load an attacker-supplied model file (UI:R), not a remote network service. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious .param model file containing a negative parameter id and delivers it to a victim who loads it through an ncnn-based application (for example a mobile app or ML tool that imports third-party models). When Net::load_param() parses the file, ParamDict::load_param() writes out of bounds below the params[] array, corrupting the heap and enabling denial of service or potentially further memory-corruption exploitation. …
Remediation Upstream fix available (PR/commit); released patched version not independently confirmed - apply the fix from commit 5a0288f255daa6c3294f77109f67718e434ec020 (https://github.com/Tencent/ncnn/commit/5a0288f255daa6c3294f77109f67718e434ec020), which adds a lower-bound 'id < 0' check to both load_param and load_param_bin, or upgrade to an ncnn release that includes it; consult the advisory at https://github.com/Tencent/ncnn/security/advisories/GHSA-jxmc-3mv6-7pwr for release guidance. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify and catalog all production systems using Tencent ncnn, flagging those processing model files from external or untrusted sources. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44794 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy