Heap Out-of-Bounds Read Vulnerability in Ollama by Ollama
CVE-2026-7482

8.8 HIGH

Key Information:

Vendor: Ollama
Status: Vendor
CVE Published: 4 May 2026

Badges

  • 🥇 Trended No. 1
  • 📈 Trended
  • 📈 Score: 22,700
  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 📰 News Worthy

What is CVE-2026-7482?

CVE-2026-7482 is a critical heap out-of-bounds read vulnerability in Ollama, software from the vendor of the same name that is primarily used for managing and running machine learning models. The flaw lies in the application's handling of GGUF model files, specifically at the API endpoints for model creation. An attacker can trigger it by submitting a specially crafted GGUF file in which the supplied parameters exceed the actual length of the file; the server then reads beyond the allocated memory buffer, potentially leaking sensitive information held in process memory.

The implications for organizations using this software are severe. Because the exposed data may include sensitive details such as API keys and environment variables, attackers can leverage it to gain unauthorized access to systems, exfiltrate data, or mount further attacks. Moreover, the vulnerable endpoints lack authentication, which compounds the risk, especially where default configurations leave the service accessible over the internet.
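The defect described above is a length field taken from the file and trusted when slicing a heap buffer. The Go example below is added here and is not Ollama's code: it parses the fixed GGUF header and the first metadata key, applying the bounds check a loader must perform on every file-supplied length before using it. The page does not say which GGUF field Ollama failed to validate, so the first metadata key stands in as the illustration, and SampleFile builds a constructed input rather than a real model.

```go
package main

import (
	"encoding/binary"
	"errors"
)

// GGUF header (public spec, little-endian): "GGUF" magic, uint32 version, uint64 tensor_count, uint64 kv_count, then kv pairs keyed by uint64-length-prefixed strings.
var ErrTruncated = errors.New("gguf: declared length exceeds file size")

// take returns file[pos:pos+n] only if n bytes really remain; the comparison is done in uint64 BEFORE any int conversion, so a length near 2^64 cannot wrap to a small slice.
func take(file []byte, pos *int, n uint64) ([]byte, error) {
	if n > uint64(len(file)-*pos) {
		return nil, ErrTruncated
	}
	b := file[*pos : *pos+int(n)]
	*pos += int(n)
	return b, nil
}

// FirstMetadataKey parses the fixed header and the first metadata key, failing
// closed when any file-supplied length points outside the buffer.
func FirstMetadataKey(file []byte) (string, error) {
	pos := 0
	if magic, err := take(file, &pos, 4); err != nil || string(magic) != "GGUF" {
		return "", errors.New("gguf: bad magic")
	}
	if _, err := take(file, &pos, 4+8+8); err != nil { // version, tensor_count, kv_count
		return "", err
	}
	lenBytes, err := take(file, &pos, 8)
	if err != nil {
		return "", err
	}
	// The declared key length is attacker-controlled: reject it here instead of indexing past the heap buffer.
	key, err := take(file, &pos, binary.LittleEndian.Uint64(lenBytes))
	if err != nil {
		return "", err
	}
	return string(key), nil
}

// SampleFile is a constructed GGUF prefix holding one metadata key whose declared length is declaredLen; a value above len(key) models the oversized parameter.
func SampleFile(declaredLen uint64, key string) []byte {
	b := binary.LittleEndian.AppendUint32([]byte("GGUF"), 3) // version 3
	for _, v := range []uint64{0, 1, declaredLen} {          // tensor_count, kv_count, key length
		b = binary.LittleEndian.AppendUint64(b, v)
	}
	return append(b, key...)
}
```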

Potential impact of CVE-2026-7482

  1. Data Exfiltration: The vulnerability allows attackers to access sensitive data, including environment variables and API keys, which can be used for unauthorized access to internal systems or third-party services.

  2. Increased Attack Surface: With the lack of authentication on critical API endpoints, any exposed instance of Ollama could be targeted by malicious actors. This increases the overall risk for organizations, especially those using default configurations that may inadvertently expose their instances to the internet.

  3. Threat of Model Manipulation: Attackers could potentially upload the manipulated model artifacts back to an attacker-controlled registry through the vulnerable API, enabling them to further engineer attacks against the organization or disrupt the functionality of the Ollama software.

Affected Version(s)

ollama: 0 ≤ version < 0.17.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Bleeding Llama (CVE-2026-7482): Critical Unauthenticated Memory Leak in Ollama - NewsBreak

A critical vulnerability in Ollama allows unauthenticated attackers to extract the entire process memory of exposed servers using just three API calls. Tra

2 weeks ago

References

CVSS V4

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 📰 First article discovered by Newsbreak
  • 🥇 Vulnerability reached the number 1 worldwide trending spot
  • 📈 Vulnerability started trending
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

Cyera Research Team (Dor Attias, Ofek Itach)