Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Ollama by Ollama AI
CVE-2026-5757 (GCVE-0-2026-5757)
Vulnerability from nvd – Published: 2026-06-26 15:15 – Updated: 2026-06-26 18:38
VLAI
Title
There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine
Summary
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-26T15:52:23.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/518910"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T18:37:59.802606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T18:38:23.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ollama",
"vendor": "Ollama AI",
"versions": [
{
"status": "affected",
"version": "v0.13.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote information disclosure vulnerability in Ollama\u0027s model quantization engine allows an attacker to read and exfiltrate the server\u0027s heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125 Out-of-bounds Read",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-416 Use After Free",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T15:15:28.464Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/518910"
},
{
"url": "https://ollama.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "There exists an unauthenticated remote information disclosure vulnerability in Ollama\u0027s model quantization engine",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5757"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5757",
"datePublished": "2026-06-26T15:15:28.464Z",
"dateReserved": "2026-04-07T16:59:20.290Z",
"dateUpdated": "2026-06-26T18:38:23.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5757 (GCVE-0-2026-5757)
Vulnerability from cvelistv5 – Published: 2026-06-26 15:15 – Updated: 2026-06-26 18:38
VLAI
Title
There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine
Summary
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-26T15:52:23.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/518910"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T18:37:59.802606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T18:38:23.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ollama",
"vendor": "Ollama AI",
"versions": [
{
"status": "affected",
"version": "v0.13.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote information disclosure vulnerability in Ollama\u0027s model quantization engine allows an attacker to read and exfiltrate the server\u0027s heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125 Out-of-bounds Read",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-416 Use After Free",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T15:15:28.464Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/518910"
},
{
"url": "https://ollama.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "There exists an unauthenticated remote information disclosure vulnerability in Ollama\u0027s model quantization engine",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5757"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5757",
"datePublished": "2026-06-26T15:15:28.464Z",
"dateReserved": "2026-04-07T16:59:20.290Z",
"dateUpdated": "2026-06-26T18:38:23.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}