Unauthenticated Remote Information Disclosure in Ollama's Model Quantization Engine
CVE-2026-5757

Currently unrated

Key Information:

Vendor: Ollama Ai
Status: Ollama
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-5757?

An unauthenticated remote information disclosure vulnerability exists in Ollama's model quantization engine, enabling unauthorized attackers to access and exfiltrate sensitive data from the server's heap memory. This exposure can lead to further compromises and provide attackers with stealthy persistence options within the affected systems.

Affected Version(s)

Ollama v0.13.5

References

https://kb.cert.org/vuls/id/518910

https://ollama.com

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Apr 7, 2026

CVE-2026-5757 Data

JSON

Ollama Ai

What is CVE-2026-5757?

Affected Version(s)

References

Timeline