I'm monitoring this, and will push an update once a fix has been released. From the way it looks now, this will not need a new ggml release.

Best,
Christian

On 2026-02-20 08:58, Salvatore Bonaccorso wrote:
> Source: llama.cpp
> Version: 8064+dfsg-1
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/ggml-org/llama.cpp/issues/18988
> X-Debbugs-Cc: [email protected], Debian Security Team
> <[email protected]>
>
> Hi,
>
> The following vulnerability was published for llama.cpp.
>
> CVE-2026-2069[0]:
> | A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted
> | is the function llama_grammar_advance_stack of the file
> | llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar
> | Handler. This manipulation causes stack-based buffer overflow. The
> | attack needs to be launched locally. The exploit has been published
> | and may be used. Patch name: 18993. To fix this issue, it is
> | recommended to deploy a patch.

