CVE-2026-34159 is a critical Remote Code Execution (RCE) vulnerability in llama.cpp, the C/C++ inference library for Large Language Models (LLMs). It allows an unauthenticated attacker who can reach the RPC server port to execute code in the context of the RPC server process by exploiting a flaw in the RPC backend's message deserialization. llama.cpp builds prior to b8492 are vulnerable; the fix is in build b8492.
The flaw is in the deserialize_tensor() function of the RPC backend, the rpc-server component that lets another host offload tensor computation to a machine over TCP. The function rebuilds a tensor from a client-supplied descriptor without validating that the tensor's data pointer and size fall within the backing buffer the descriptor references. An attacker who can send GRAPH_COMPUTE messages can therefore make the server read from and write to arbitrary addresses within the process. The read primitive leaks pointers that defeat Address Space Layout Randomization (ASLR), and the write primitive then yields arbitrary code execution on the target. Successful exploitation requires nothing more than TCP access to the RPC server port: the RPC protocol carries no authentication, so anyone who can reach the port is an unauthenticated attacker, which is what makes the attack surface so broad.
This vulnerability is considered high-risk due to its CRITICAL CVSS score and the ease of exploitation. Public proof-of-concept (PoC) code is likely to emerge given the vulnerability's nature and the popularity of llama.cpp. While no active exploitation campaigns have been publicly confirmed as of the publication date, the lack of authentication and the potential for ASLR bypass make it a prime target. The vulnerability was publicly disclosed on 2026-04-01.
Exploit Status
EPSS: 0.15% (36th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation is to upgrade immediately to build b8492 or later of llama.cpp. If that is not immediately feasible, keep the RPC server off untrusted networks: rpc-server binds to 127.0.0.1 on port 50052 by default, and the project's own rpc-server documentation warns against running it on an open network, so any instance started with a host or port setting that makes it reachable from other machines should be restricted by a firewall rule that admits only the intended client hosts, or reached only through a VPN or SSH tunnel. There is no input-filtering workaround: the malicious input is the RPC protocol itself, so either an attacker can reach the port or they cannot. For detection, watch for connections to the RPC port from unexpected sources, for rpc-server crashes (a failed memory-corruption attempt typically surfaces as a segmentation fault in the service logs), and for child processes or outbound connections originating from the rpc-server process. After upgrading, confirm that the binary actually running is b8492 or later (llama.cpp tools built from the repository report their build number, for example via llama-cli --version) rather than testing a production server with crafted GRAPH_COMPUTE messages.
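The check at the heart of both the flaw description and the fix (the offset and size that arrive in a tensor descriptor must be validated against the server-side buffer before any pointer is derived from them), as an added illustration that is not llama.cpp's own code: a two-field, 16-byte wire descriptor and a SET_TENSOR-style handler are assumed for the example, and the type and function names (wire_tensor_t, parse_wire_tensor, deserialize_unchecked, deserialize_checked, handle_set_tensor and the test helpers) are the example's own. The unchecked variant shows the pattern the advisory describes; the checked variant shows what the fix has to guarantee, including the 64-bit wraparound case that a naive end-of-buffer comparison misses.

```c
/*
 * Added illustration, not llama.cpp code: validating a tensor descriptor
 * received over an RPC socket against the server-side buffer it claims to
 * live in. The wire layout (two little-endian u64 fields: data offset, byte
 * size) and all names here are assumptions made for the example; the real
 * ggml-rpc descriptor carries more fields.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint64_t data_off; /* client-supplied offset of the tensor data in the buffer */
    uint64_t nbytes;   /* client-supplied size of the tensor in bytes */
} wire_tensor_t;

typedef struct {
    uint8_t *base; /* start of the server-side backend buffer */
    size_t   size; /* its size in bytes */
} server_buffer_t;

static uint64_t rd_u64le(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Parse a 16-byte descriptor; reject short messages before reading any field. */
static bool parse_wire_tensor(const uint8_t *msg, size_t len, wire_tensor_t *out) {
    if (msg == NULL || out == NULL || len < 16) return false;
    out->data_off = rd_u64le(msg);
    out->nbytes   = rd_u64le(msg + 8);
    return true;
}

/* Unchecked pattern: the client controls offset and size, so the returned
 * pointer (and any later memcpy through it) can land anywhere in the process. */
static uint8_t *deserialize_unchecked(const server_buffer_t *buf, const wire_tensor_t *t) {
    return buf->base + t->data_off;
}

/* Hardened pattern: accept only if [data_off, data_off + nbytes) fits in [0, size).
 * The sum is tested for 64-bit wraparound first, so a huge nbytes cannot make
 * the end check pass by overflowing back to a small value. */
static uint8_t *deserialize_checked(const server_buffer_t *buf, const wire_tensor_t *t) {
    if (t->nbytes > UINT64_MAX - t->data_off) return NULL;           /* data_off + nbytes wraps */
    if (t->data_off + t->nbytes > (uint64_t) buf->size) return NULL; /* runs past the buffer */
    return buf->base + t->data_off;
}

/* SET_TENSOR-style handler on top of the hardened check: the payload is copied
 * only after the descriptor is validated and the payload length matches nbytes. */
static bool handle_set_tensor(server_buffer_t *buf, const uint8_t *msg, size_t msg_len) {
    wire_tensor_t t;
    if (!parse_wire_tensor(msg, msg_len, &t)) return false;
    if ((uint64_t) (msg_len - 16) != t.nbytes) return false; /* declared size vs. bytes sent */
    uint8_t *dst = deserialize_checked(buf, &t);
    if (dst == NULL) return false;
    memcpy(dst, msg + 16, (size_t) t.nbytes);
    return true;
}

/* Helpers over a constructed 256-byte backing store, used by main and the tests. */
static bool checked_accepts(size_t buf_size, uint64_t off, uint64_t nbytes) {
    static uint8_t backing[256];
    if (buf_size > sizeof backing) return false;
    server_buffer_t buf = { backing, buf_size };
    wire_tensor_t t = { off, nbytes };
    return deserialize_checked(&buf, &t) != NULL;
}

static bool unchecked_accepts(size_t buf_size, uint64_t off, uint64_t nbytes) {
    static uint8_t backing[256];
    if (buf_size > sizeof backing || off > sizeof backing) return false; /* keep the arithmetic inside the array */
    server_buffer_t buf = { backing, buf_size };
    wire_tensor_t t = { off, nbytes };
    return deserialize_unchecked(&buf, &t) != NULL;
}

/* Build a constructed SET_TENSOR message (descriptor + payload) and run the handler. */
static bool try_set_tensor(size_t buf_size, uint64_t off, const uint8_t *payload, size_t payload_len) {
    static uint8_t backing[256];
    uint8_t msg[64];
    if (buf_size > sizeof backing || payload_len > sizeof msg - 16) return false;
    for (int i = 0; i < 8; i++) {
        msg[i]     = (uint8_t) (off >> (8 * i));
        msg[8 + i] = (uint8_t) ((uint64_t) payload_len >> (8 * i));
    }
    memcpy(msg + 16, payload, payload_len);
    server_buffer_t buf = { backing, buf_size };
    return handle_set_tensor(&buf, msg, 16 + payload_len);
}

int main(void) {
    printf("checked, in bounds   (off 8,  16 B, 64 B buffer): %s\n", checked_accepts(64, 8, 16) ? "accept" : "reject");
    printf("checked, past end    (off 56, 16 B, 64 B buffer): %s\n", checked_accepts(64, 56, 16) ? "accept" : "reject");
    printf("checked, size wraps  (off 8,  UINT64_MAX):         %s\n", checked_accepts(64, 8, UINT64_MAX) ? "accept" : "reject");
    printf("unchecked, past end  (off 200, 64 B buffer):       %s\n", unchecked_accepts(64, 200, 16) ? "accept" : "reject");
    return 0;
}
```

The two comparisons in deserialize_checked are the whole fix in miniature: the first rejects descriptors whose size makes the offset-plus-size sum wrap, the second rejects anything that ends past the buffer, and only then is a pointer handed to the copy. Matching the declared nbytes against the bytes actually received in handle_set_tensor closes the remaining gap, a descriptor that passes the bounds check but ships a longer payload.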
Update to version b8492 or later of llama.cpp. This version fixes the remote code execution vulnerability by correctly validating the bounds of deserialized tensors in the RPC backend.
CVE-2026-34159 is a critical Remote Code Execution vulnerability in llama.cpp builds before b8492. An attacker who can reach an exposed RPC server can send crafted RPC messages and execute arbitrary code on that system.
You are affected if you run llama.cpp builds prior to b8492. The exploitable surface is the RPC server, so instances whose RPC port is reachable from other hosts are the urgent case. Check the build number you are running and upgrade immediately.
Upgrade to version b8492 or later of llama.cpp. If immediate upgrade is not possible, isolate the instance and monitor logs.
While no active exploitation campaigns have been confirmed, the vulnerability's ease of exploitation makes it a potential target. Vigilance is advised.
Refer to the llama.cpp project's repository or website for the official advisory and release notes regarding this vulnerability.