CVE-2026-21869

Name
CVE-2026-21869
Description
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fills up, llama_memory_seq_rm/add receives a reversed range and negative offset, causing out-of-bounds memory writes in the token evaluation loop. This deterministic memory corruption can crash the process or enable remote code execution (RCE). There is no fix at the time of publication.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-8947-pfff-2f3c

Match rules

CPE URI Source package Min version Max version
llama.cpp >= 0 <= 55d4206c8
cpe:2.3:a:ggml:llama.cpp:-:*:*:*:*:*:*:* llama.cpp == None == -

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
llama.cpp edge-community 0.0.9564-r0 Hugo Osvaldo Barrera <hugo@whynothugo.nl> possibly vulnerable
llama.cpp edge-community 0.0.9006-r0 Hugo Osvaldo Barrera <hugo@whynothugo.nl> possibly vulnerable