CVE-2026-34159

CVE-2026-34159 is a critical vulnerability in llama.cpp, a C/C++ inference engine for large language models (LLMs). In versions prior to b8492, the RPC backend's deserialize_tensor() function skips all bounds validation when a tensor's buffer field is 0, enabling improper handling of memory buffers. This flaw, classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An unauthenticated attacker with TCP access to the RPC server port can exploit this issue by sending crafted GRAPH_COMPUTE messages to read and write arbitrary process memory. When combined with pointer leaks obtainable via ALLOC_BUFFER and BUFFER_GET_BASE operations, attackers achieve full ASLR bypass, culminating in remote code execution. No privileges or user interaction are required, making it highly accessible over the network.

The vulnerability has been patched in llama.cpp version b8492. Official mitigation details are available in the GitHub security advisory (GHSA-j8rj-fmpv-wcxw), the fixing pull request (#20908), and the commit (39bf0d3c6a95803e0f41aaba069ffbee26721042), which recommend upgrading to the patched version to restore proper bounds checking in deserialize_tensor().

This issue is particularly relevant to AI/ML deployments relying on llama.cpp for efficient LLM inference, as exposed RPC servers could enable compromise of model-serving infrastructure. No public evidence of real-world exploitation has been reported as of the CVE publication on 2026-04-01.