Heap Out-of-Bounds Read Vulnerability in Ollama by Ollama
CVE-2026-7482

8.8 HIGH

Key Information:

Vendor: Ollama
Status: Vendor
CVE Published: 4 May 2026

What is CVE-2026-7482?

The Ollama application contains a heap out-of-bounds read in its GGUF model loader. The issue arises when the /api/create endpoint processes an attacker-supplied GGUF file whose tensor offset and size, taken together, extend past the file's actual length. During quantization, the server reads beyond the buffer it allocated, so the resulting model data can contain adjacent heap memory, including sensitive data such as environment variables, API keys, and user conversation data. An attacker can then retrieve that leaked memory by pushing the resulting model artifact to a registry they control via the /api/push endpoint. Neither endpoint requires authentication, which increases the risk, especially since many default configurations expose the application to the public internet.

Affected Version(s)

ollama, versions from 0 up to but not including 0.17.1

References

CVSS V4

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Cyera Research Team (Dor Attias, Ofek Itach)