Top 3 AI / LLM High-Risk Vulnerabilities — 2026-05-04

Today there is only one critical or high-risk AI / LLM vulnerability selected and summarized for you.

Selection note: candidates match AI / LLM / ML-platform keywords in our stored source text. NVD published today first; then NVD last modified today with publication within roughly the last 30 days.

#1 Ollama heap out-of-bounds read leaks server memory to unauthenticated remote attackers

CVE: CVE-2026-7482

CVSS: 9.1

Risk level: CRITICAL

Affected versions: Ollama before 0.17.1

Summary: Ollama versions before 0.17.1 contain a heap out-of-bounds read vulnerability in the GGUF model parsing component. Unauthenticated attackers can exploit this by uploading a maliciously crafted GGUF file to the unauthenticated /api/create endpoint, which is widely exposed in public deployments configured with OLLAMA_HOST=0.0.0.0. Successful exploitation allows attackers to access and exfiltrate sensitive memory contents including API keys, environment variables, system prompts, and user conversation data.

Remediation: Upgrade Ollama to version 0.17.1 or the latest stable release immediately to patch this vulnerability. If immediate upgrades are not possible, restrict network access to the Ollama service to only trusted IPs and add authentication for all API endpoints. Avoid exposing Ollama instances directly to the public internet, and rotate all stored credentials if exploitation is suspected.
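
Added example (not part of the original digest and not Ollama project code): a POSIX shell triage of a host inventory against the two conditions above, a version before 0.17.1 and an OLLAMA_HOST that is not loopback-only. It generalizes the OLLAMA_HOST=0.0.0.0 case to any non-loopback bind; the inventory rows, host names and verdict labels are constructed for illustration.

```shell
#!/bin/sh
FIXED="0.17.1"   # first fixed release, taken from the advisory above

# version_lt A B: succeed when dotted version A is older than B.
# Compares field by field numerically, so 0.9.6 sorts before 0.17.1.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Assumption: suffixes such as "-rc1" are ignored; missing fields are 0.
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# bind_loopback VALUE: succeed when an OLLAMA_HOST value stays on loopback.
# An unset value counts as loopback (Ollama defaults to 127.0.0.1:11434).
bind_loopback() {
    h=${1#*://}   # drop an optional scheme such as http://
    case $h in
        ''|localhost|localhost:*|127.*|'[::1]'|'[::1]':*) return 0 ;;
        *) return 1 ;;   # 0.0.0.0, [::], or any routable address
    esac
}

# triage VERSION OLLAMA_HOST: print one verdict (labels are hypothetical).
triage() {
    if version_lt "$1" "$FIXED"; then
        if bind_loopback "$2"; then echo PATCH; else echo PATCH_AND_RESTRICT; fi
    else
        if bind_loopback "$2"; then echo OK; else echo RESTRICT; fi
    fi
}

# Constructed inventory (name, version, OLLAMA_HOST); not real hosts.
while read -r name ver host; do
    printf '%-8s %-8s %-22s %s\n' "$name" "$ver" "${host:-<unset>}" \
        "$(triage "$ver" "$host")"
done <<'EOF'
gpu-01 0.17.0 0.0.0.0
gpu-02 0.17.1 http://0.0.0.0:11434
dev-03 0.9.6 127.0.0.1:11434
lab-04 0.18.0
EOF
```

Replace the constructed rows with the version each host reports from `ollama --version` and the OLLAMA_HOST value from its service environment.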

Exploit info: No public exploit found yet.
