Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Details
CVSS v3
9.1
CVSS v4
8.8
NVD published
2026-05-04 13:16:01
EPSS
0.1% probability · 27.1th percentile — 2026-05-12
Affected versions
Ollama versions before 0.17.1, publicly exposed instances using OLLAMA_HOST=0.0.0.0
Summary
This vulnerability requires no authentication and allows remote attackers to leak sensitive memory contents from any reachable Ollama server. An attacker uploads a crafted GGUF model file that triggers an out-of-bounds read while the server parses it; the leaked process memory can contain API keys, environment variables, and user conversation data. Publicly exposed deployments with unauthenticated endpoints are at high risk.
Remediation
Upgrade Ollama to version 0.17.1 or newer immediately. Keep Ollama bound to localhost by default if public access is not required. Add authentication and network access controls for any publicly accessible Ollama instances.
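The following is an added example, not part of this advisory or of the Ollama project, that turns the two remediation facts above (fixed release 0.17.1 and the OLLAMA_HOST binding) into a defender-side exposure check. It assumes the version string follows the `ollama version is X.Y.Z` shape printed by `ollama --version`; the regex only needs an X.Y.Z triple, so other shapes also work.

```python
"""Added example: classify an Ollama host's exposure to the GGUF parsing
out-of-bounds read from the advisory's fixed version and bind address."""
import re
from typing import Optional, Tuple

FIXED_VERSION = (0, 17, 1)  # first fixed release per the advisory

# Bindings reachable only from the local machine; anything else is network-exposed.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1", "[::1]"}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract X.Y.Z from strings such as 'ollama version is 0.16.3' (assumed format)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_vulnerable_version(text: str) -> bool:
    """Anything older than 0.17.1 is affected according to the advisory."""
    return parse_version(text) < FIXED_VERSION


def bind_host(ollama_host: Optional[str]) -> str:
    """Return the host part of an OLLAMA_HOST value; unset means the loopback default."""
    if not ollama_host or not ollama_host.strip():
        return "127.0.0.1"
    value = re.sub(r"^https?://", "", ollama_host.strip())
    if value.startswith("["):                 # bracketed IPv6, e.g. [::]:11434
        return value.split("]")[0] + "]"
    if value.count(":") == 1:                 # host:port
        return value.rsplit(":", 1)[0]
    return value                              # bare host or unbracketed IPv6


def is_publicly_bound(ollama_host: Optional[str]) -> bool:
    """True when the API listens on a non-loopback address (0.0.0.0, ::, a LAN IP)."""
    return bind_host(ollama_host) not in LOOPBACK_HOSTS


def assess(version_text: str, ollama_host: Optional[str]) -> str:
    """Combine both checks into a single verdict for inventory or monitoring."""
    if not is_vulnerable_version(version_text):
        return "patched"
    if is_publicly_bound(ollama_host):
        return "critical: vulnerable and network-exposed"
    return "vulnerable: loopback only, upgrade"


if __name__ == "__main__":
    # Constructed sample values, not collected from a real host.
    print(assess("ollama version is 0.16.3", "0.0.0.0:11434"))
    print(assess("ollama version is 0.17.1", "0.0.0.0"))
```

Running the check across an inventory with the real `ollama --version` output and each host's OLLAMA_HOST value gives an immediate list of the "critical" cases that the advisory says to prioritise.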