CVE-2026-10298

EUVD-2026-33831
A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Debian logo
Debian Releases
Debian Product
Codename
whisper.cpp
forky
unimportant
sid
unimportant
Common Weakness Enumeration
References
https://github.com/ggml-org/whisper.cpp/
https://github.com/ggml-org/whisper.cpp/issues/3807
https://vuldb.com/cve/CVE-2026-10298
https://vuldb.com/submit/826910
https://vuldb.com/vuln/367591
https://vuldb.com/vuln/367591/cti