CVE-2026-27940

CVE-2026-27940 is a high-severity vulnerability in Ggml Llama.cpp with a CVSS 3.x base score of 7.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-122.

Key facts

Description

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of attacker-controlled data past the buffer boundary. This is a bypass of a similar bug in the same file - CVE-2025-53630, but the fix overlooked some areas. This vulnerability is fixed in b8146.

Frequently asked questions

What is CVE-2026-27940?
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of attacker-controlled data past the buffer boundary. This is a bypass of a similar bug in the same file - CVE-2025-53630, but the fix overlooked some areas. This vulnerability is fixed in b8146.
How severe is CVE-2026-27940?
CVE-2026-27940 has a CVSS 3.x base score of 7.8, rated high severity. It is exploitable over local access with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is high, integrity high, and availability high.
Is CVE-2026-27940 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (7th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2026-27940?
CVE-2026-27940 affects Ggml Llama.cpp. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2026-27940?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
Does CVE-2026-27940 have an EU (EUVD) identifier?
Yes. CVE-2026-27940 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-11605.
When was CVE-2026-27940 published?
CVE-2026-27940 was published on 2026-03-12 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Ggml Llama.cpp

All CVEs affecting Ggml Llama.cpp →

Other CWE-122 (Heap-based Buffer Overflow) vulnerabilities

Browse all CWE-122 (Heap-based Buffer Overflow) vulnerabilities →