CVE-2026-10298 | ggml-org whisper.cpp up to 1.8.2 ggml/src/ggml.c whisper_model_load null pointer dereference (Issue 3807)

A vulnerability was found in ggml-org whisper.cpp up to 1.8.2. It has been declared as problematic. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference.

This vulnerability is known as CVE-2026-10298. Attacking locally is a requirement. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More