CVE-2026-47749: stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Ima
Summary
stable-diffusion.cpp, a C/C++ library for running AI image generation models, has a heap buffer overflow (a memory corruption bug in which data is written beyond the end of an allocated buffer) in its parser for PyTorch checkpoint (.ckpt) files. A malicious checkpoint file could crash an application that loads it, or potentially lead to execution of attacker-supplied code, in versions before master-584-0a7ae07.
Solution / Mitigation
Update to version master-584-0a7ae07 or later. If updating immediately is not possible, do not load .ckpt files from untrusted sources as a temporary workaround; obtain models from trusted sources and prefer safer formats such as .safetensors.
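The workaround above expressed as a pre-load gate, added here as an example that is not part of this advisory or of stable-diffusion.cpp itself: it refuses .ckpt files outright and, for .safetensors files, checks that the 8-byte little-endian header length fits inside the file before a loader would allocate from it. The function names and the constructed sample buffers are this example's own.

```cpp
#include <cstdint>
#include <string>
#include <vector>

static bool has_suffix(const std::string& s, const std::string& suf) {
    return s.size() >= suf.size() &&
           s.compare(s.size() - suf.size(), suf.size(), suf) == 0;
}

// Policy gate run before handing a model file to the loader. Returns true if
// the file may be loaded; otherwise `reason` explains the rejection.
// `bytes` is the whole file as read from disk.
bool model_file_allowed(const std::string& path,
                        const std::vector<uint8_t>& bytes,
                        std::string& reason) {
    if (has_suffix(path, ".ckpt")) {
        reason = "pickle-based .ckpt rejected by policy; use .safetensors";
        return false;
    }
    if (!has_suffix(path, ".safetensors")) {
        reason = "unrecognised model format";
        return false;
    }
    // safetensors layout: u64 little-endian header length N, N bytes of JSON
    // metadata, then tensor data. N comes from the file, so validate it
    // against the real file size before trusting it for any allocation.
    if (bytes.size() < 8) { reason = "too small for a safetensors header"; return false; }
    uint64_t n = 0;
    for (int i = 7; i >= 0; --i) n = (n << 8) | bytes[i];
    if (n == 0 || n > bytes.size() - 8) { reason = "header length out of range"; return false; }
    if (bytes[8] != '{' || bytes[8 + n - 1] != '}') { reason = "header is not a JSON object"; return false; }
    reason.clear();
    return true;
}

// Builds a constructed (not real) model file with the given claimed header
// length and JSON text, and runs it through the gate.
bool gate_sample(const std::string& path, uint64_t claimed_len, const std::string& json) {
    std::vector<uint8_t> v(8, 0);
    for (int i = 0; i < 8; ++i) v[i] = static_cast<uint8_t>(claimed_len >> (8 * i));
    v.insert(v.end(), json.begin(), json.end());
    std::string reason;
    return model_file_allowed(path, v, reason);
}
```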
Vulnerability Details
CVSS v3.1 base score: 7.8 (High)
EPSS: 0.0%
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: Required
June 16, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-47749
First tracked: June 17, 2026 at 08:03 AM