CVE-2026-7482

Ollama · Ollama

A heap out-of-bounds read vulnerability in the Ollama GGUF model loader allows unauthenticated attackers to exfiltrate sensitive memory contents, including API keys and conversation data.

Executive summary

Ollama versions prior to 0.17.1 are vulnerable to a critical heap out-of-bounds read exploit that can lead to the unauthorized exfiltration of sensitive system and user data.

Vulnerability

The vulnerability exists in the GGUF model loader within the /api/create endpoint. Unauthenticated attackers can supply a crafted GGUF file that triggers a heap out-of-bounds read, potentially leaking sensitive environment variables and API keys, which can then be exfiltrated via the /api/push endpoint.

Business impact

This vulnerability poses a severe risk to confidentiality, as sensitive credentials, system prompts, and proprietary user conversation data may be exposed. Given the CVSS score of 9.1, the potential for unauthorized data exfiltration is significant, which could lead to secondary compromises of connected infrastructure or cloud environments if API keys are harvested.

Remediation

Immediate Action: Upgrade Ollama to version 0.17.1 or later immediately to address the memory handling flaw in the GGUF loader.

Proactive Monitoring: Review access logs for the /api/create and /api/push endpoints for unusual patterns or payloads, and monitor for unauthorized outbound connections to unknown registries.

Compensating Controls: Restrict network access to the Ollama API to trusted internal IP addresses and ensure the service is not exposed to the public internet by avoiding OLLAMA_HOST=0.0.0.0 configurations.

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

The severity of this flaw cannot be overstated, particularly for deployments accessible over the public internet. Organizations must prioritize the update to version 0.17.1 and audit their current network exposure to ensure that Ollama instances are not inadvertently reachable by untrusted actors.