HIGH🇬🇧 English

CVE-2026-5757

CVSS 7.5v3.1pub. 2026-06-26upd. 2026-06-29

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Ollama

    APP
    Ollama
    ≤ 0.13.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-63389CRITICAL9.8PL ✓ten sam produkt

Pominięcie uwierzytelnienia w API platformy Ollama (auth bypass)

CVE-2026-7482HIGH8.8ten sam produkt

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/creat...

CVE-2026-42248HIGH7.7ten sam produkt

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. U...

CVE-2026-42249HIGH7.7ten sam produkt

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper hand...

CVE-2025-66959HIGH7.5ten sam produkt

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder