llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined with pointer leaks from ALLOCBUFFER/BUFFERGET_BASE, this gives full ASLR bypass and remote code execution. No authentication required, just TCP access to the RPC server port. This issue has been patched in version b8492.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34159.json",
"cwe_ids": [
"CWE-119"
],
"cna_assigner": "GitHub_M"
}{
"source": [
"AFFECTED_FIELD",
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:ggml:llama.cpp:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "b8492"
}
]
}