PatchSiren cyber security CVE debrief
CVE-2026-47750 leejet CVE debrief
CVE-2026-47750 is a HIGH severity vulnerability in stable-diffusion.cpp, a C/C++ library for running diffusion model inference. A heap buffer overflow occurs in the pickle .ckpt parser in src/model.cpp due to a missing validation when searching for newline-delimited fields. This allows an attacker to craft a malicious .ckpt file that can cause immediate heap corruption when loaded. The attack requires the victim or application to load a .ckpt file from an untrusted source. The issue has been resolved in version master-584-0a7ae07.
- Vendor
- leejet
- Product
- stable-diffusion.cpp
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Developers and users of the stable-diffusion.cpp library, especially those loading .ckpt files from untrusted sources.
Technical summary
The pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode handler. The issue was caused by missing validation when searching for newline-delimited fields. A crafted .ckpt file without the expected newline could cause the parser to use -1 as a copy length, resulting in immediate heap corruption.
Defensive priority
HIGH
Recommended defensive actions
- Update to version master-584-0a7ae07 or later.
- Do not load .ckpt checkpoint files from untrusted sources.
- Prefer trusted model sources and safer formats such as .safetensors where possible.
Evidence notes
The CVE-2026-47750 vulnerability has been publicly disclosed and a patch is available. The National Vulnerability Database (NVD) has assigned a CVSS score of 7.8, indicating a HIGH severity vulnerability.
Official resources
CVE-2026-47750 was published on 2026-06-16T20:16:44.413Z and modified on 2026-06-16T20:44:11.730Z.