CVE-2026-10298
3.3 LOW
A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 3.3 LOW
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
- CWE: CWE-404, CWE-476
Description
A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-10298
- Other: https://github.com/ggml-org/whisper.cpp/
- Other: https://github.com/ggml-org/whisper.cpp/issues/3807
- Other: https://vuldb.com/cve/CVE-2026-10298
- Other: https://vuldb.com/submit/826910
- Other: https://vuldb.com/vuln/367591
- Other: https://vuldb.com/vuln/367591/cti
Related CVEs
Same CWE
- CVE-2026-53463 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.3 MEDIUM)
- CVE-2026-47213 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (6.5 MEDIUM)
- CVE-2026-24716 — A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-22899 — A NULL pointer dereference vulnerability has been reported to affect File Station 6
- CVE-2025-66281 — A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions