cbcvebase.
CVE-2026-21869
published 2026-01-08

CVE-2026-21869: llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the…

PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.44%
35.0th percentile
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fills up, llama_memory_seq_rm/add receives a reversed range and negative offset, causing out-of-bounds memory writes in the token evaluation loop. This deterministic memory corruption can crash the process or enable remote code execution (RCE). There is no fix at the time of publication.

Affected

2 ranges
VendorProductVersion rangeFixed in
debianllama.cpp
ggml-orgllama.cpp<= 55d4206c8

Detection & IOCsextracted from sources · hover to see the quote

versionllama.cpp commit 55d4206c8 and prior
commandn_discard=<negative integer> in JSON POST body to completion endpoints
  • Monitor HTTP requests to llama.cpp server completion endpoints (e.g., /completion, /v1/completions) for JSON bodies containing a negative integer value for the 'n_discard' parameter.
  • Alert on process crashes or unexpected termination of the llama.cpp server process, which may indicate exploitation attempts triggering out-of-bounds memory writes.
  • Flag any unauthenticated remote requests supplying a negative 'n_discard' value in JSON input to the server's completion endpoints, especially from untrusted networks.
  • Inspect calls to llama_memory_seq_rm/add for reversed range arguments or negative offset values, which are the direct result of exploitation.
  • ·There is no fix available at the time of publication; affected deployments should restrict network access to the llama.cpp server to trusted clients only.
  • ·Risk is elevated for deployments where the llama.cpp server is exposed to untrusted or public networks, as exploitation requires no authentication.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.