CVE-2026-50144: ncnn is a high-performance neural network inference framework optimized for the mobile platform. In commit e54f7b1f88434
Summary
ncnn is a framework that runs AI neural networks efficiently on mobile devices. A vulnerability exists where loading a malicious model file can cause an out-of-bounds heap write (writing data to memory locations outside the intended array), because the code only checks if a parameter ID is too large, but doesn't prevent negative IDs from accessing memory before the array.
Solution / Mitigation
This vulnerability is fixed by commit 5a0288f255daa6c3294f77109f67718e434ec020.
Vulnerability Details
7.1(high)
EPSS: 0.0%
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
local
low
none
required
July 15, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-50144
First tracked: July 16, 2026 at 02:07 AM
Classified by LLM (prompt v3) · confidence: 85%