CVE-2026-21869
published 2026-01-08CVE-2026-21869: llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the…
PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.44%
35.0th percentile
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fills up, llama_memory_seq_rm/add receives a reversed range and negative offset, causing out-of-bounds memory writes in the token evaluation loop. This deterministic memory corruption can crash the process or enable remote code execution (RCE). There is no fix at the time of publication.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | llama.cpp | — | — |
| ggml-org | llama.cpp | <= 55d4206c8 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests to llama.cpp server completion endpoints (e.g., /completion, /v1/completions) for JSON bodies containing a negative integer value for the 'n_discard' parameter. ↗
- →Alert on process crashes or unexpected termination of the llama.cpp server process, which may indicate exploitation attempts triggering out-of-bounds memory writes. ↗
- →Flag any unauthenticated remote requests supplying a negative 'n_discard' value in JSON input to the server's completion endpoints, especially from untrusted networks. ↗
- →Inspect calls to llama_memory_seq_rm/add for reversed range arguments or negative offset values, which are the direct result of exploitation. ↗
- ·There is no fix available at the time of publication; affected deployments should restrict network access to the llama.cpp server to trusted clients only. ↗
- ·Risk is elevated for deployments where the llama.cpp server is exposed to untrusted or public networks, as exploitation requires no authentication. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2026-21869: llama
osv·2026-01-08·CVSS 9.8
CVE-2026-21869 [CRITICAL] CVE-2026-21869: llama
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fills up, llama_memory_seq_rm/add receives a reversed range and negative offset, causing out-of-bounds memory writes in the token evaluation loop. This deterministic memory corruption can crash the process or enable remote code execution (RCE). There is no fix at the time of publication.
Red Hat
llama.cpp: llama.cpp: Remote code execution via invalid n_discard parameter in server endpoints
vendor_redhat·2026-01-07·CVSS 8.8
CVE-2026-21869 [HIGH] CWE-787 llama.cpp: llama.cpp: Remote code execution via invalid n_discard parameter in server endpoints
llama.cpp: llama.cpp: Remote code execution via invalid n_discard parameter in server endpoints
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fills up, llama_memory_seq_rm/add receives a reversed range and negative offset, causing out-of-bounds memory writes in the token evaluation loop. This deterministic memory corruption can crash the process or enable remote code execution (RCE). There is no fix at the time of publication.
A flaw was found in llama.cpp. A remote attacker can exploit an input validation vulnerability in the server's completi
Debian
CVE-2026-21869: llama.cpp - llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 a...
vendor_debian·2026·CVSS 8.8
CVE-2026-21869 [HIGH] CVE-2026-21869: llama.cpp - llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 a...
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fills up, llama_memory_seq_rm/add receives a reversed range and negative offset, causing out-of-bounds memory writes in the token evaluation loop. This deterministic memory corruption can crash the process or enable remote code execution (RCE). There is no fix at the time of publication.
Scope: local
sid: open
No detection rules found.
No public exploits indexed.
2026-01-08
Published