CVE-2026-34159

CRITICAL

llama.cpp: Unauthenticated RCE via GRAPH_COMPUTE buffer=0 bypass in llama.cpp RPC backend

Title source: cna

Description

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPH_COMPUTE messages. Combined with pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE, this gives full ASLR bypass and remote code execution. No authentication required, just TCP access to the RPC server port. This issue has been patched in version b8492.

Exploits (1)

nomisec WORKING POC
by casp3r0x0 · poc
https://github.com/casp3r0x0/CVE-2026-34159

References (3)

Scores

CVSS v3 9.8
EPSS 0.0015
EPSS Percentile 35.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
ggml-org/llama.cpp < b8492
Published Apr 01, 2026
Tracked Since Apr 01, 2026