Description
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fills up, llama_memory_seq_rm/add receives a reversed range and negative offset, causing out-of-bounds memory writes in the token evaluation loop. This deterministic memory corruption can crash the process or enable remote code execution (RCE). There is no fix at the time of publication.
Published: 2026-01-07
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Assess Impact
AI Analysis

Impact

An out‑of‑bounds memory write is triggered when the llama.cpp server parses the n_discard parameter from JSON input without verifying that it is non‑negative. Supplying a negative value causes the memory removal routine to use a reversed range and negative offset, corrupting memory during the token evaluation loop. This deterministic corruption can crash the process or, in a remote context, enable code execution.

Affected Systems

The vulnerability affects the ggml-org llama.cpp implementation, specifically versions associated with commit 55d4206c8 and earlier. No version list is provided, so any release prior to a forthcoming fix is potentially exposed. The affected component is the llama.cpp server’s completion endpoints receiving JSON input.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity, but the EPSS score of less than 1% suggests a low exploitation probability at this time. The vulnerability is not listed in the KEV catalog. A remote attacker can trigger the flaw by sending a crafted JSON request to the server’s completion endpoint with a negative n_discard value. Without a patch, mitigating such an attack would require input validation or network restriction.

Generated by OpenCVE AI on April 18, 2026 at 07:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a revised llama.cpp release that validates the n_discard parameter or applies the fix described in the advisory.
  • Harden network exposure by limiting access to the llama.cpp server behind a firewall or by using IP whitelisting.
  • Implement server‑side input validation to reject negative n_discard values before processing requests.
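The input-validation action above, sketched as a pre-filter that a gateway in front of the llama.cpp server could apply to completion request bodies. This is an added example, not code from llama.cpp or from the advisory; the function and class names, the 32-bit upper bound, and the choice to check n_discard at any nesting depth are assumptions.

```python
import json

INT32_MAX = 2**31 - 1  # assumed upper bound; the advisory only requires non-negative


class RejectedRequest(ValueError):
    """Raised when a completion request body must not be forwarded."""


def _reject_constant(name):
    # json.loads accepts NaN/Infinity/-Infinity by default; refuse them outright.
    raise RejectedRequest(f"non-finite JSON number: {name}")


def _check_pairs(pairs):
    # Called for every JSON object with all key/value pairs, duplicates included,
    # so the verdict does not depend on which duplicate the backend parser keeps.
    for key, value in pairs:
        if key != "n_discard":
            continue
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            raise RejectedRequest("n_discard must be an integer")
        if value < 0:
            raise RejectedRequest("n_discard must be non-negative")
        if value > INT32_MAX:
            raise RejectedRequest("n_discard exceeds 32-bit signed range")
    return dict(pairs)


def validate_completion_body(raw: bytes) -> dict:
    """Parse a request body and return it only if every n_discard is safe."""
    try:
        body = json.loads(raw, object_pairs_hook=_check_pairs,
                          parse_constant=_reject_constant)
    except RejectedRequest:
        raise
    except (ValueError, RecursionError) as exc:
        # Covers malformed JSON, bad encodings and pathologically deep nesting.
        raise RejectedRequest(f"malformed JSON: {exc}") from exc
    if not isinstance(body, dict):
        raise RejectedRequest("request body must be a JSON object")
    return body
```

Forward the request only when validate_completion_body returns; treat RejectedRequest as an HTTP 400 and log the source address.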

Advisories

No advisories yet.

History

Mon, 02 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ggml:llama.cpp:-:*:*:*:*:*:*:*

Thu, 08 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 08 Jan 2026 12:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Thu, 08 Jan 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Ggml
Ggml llama.cpp
Vendors & Products Ggml
Ggml llama.cpp

Wed, 07 Jan 2026 23:45:00 +0000

Type Values Removed Values Added
Description llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fills up, llama_memory_seq_rm/add receives a reversed range and negative offset, causing out-of-bounds memory writes in the token evaluation loop. This deterministic memory corruption can crash the process or enable remote code execution (RCE). There is no fix at the time of publication.
Title llama.cpp has Out-of-bounds Write in llama-server
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-08T19:15:28.709Z

Reserved: 2026-01-05T16:44:16.368Z

Link: CVE-2026-21869

Vulnrichment

Updated: 2026-01-08T19:15:19.593Z

NVD

Status: Analyzed

Published: 2026-01-08T00:16:00.297

Modified: 2026-02-02T19:12:36.020

Link: CVE-2026-21869

Redhat

Severity: Important

Public Date: 2026-01-07T23:37:59Z

Links: CVE-2026-21869 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T08:00:05Z