Researchers have identified a critical vulnerability in the Ollama framework, which, if exploited, may enable remote, unauthenticated attackers to leak the entire process memory of affected servers. This out-of-bounds read vulnerability is tracked as CVE-2026-7482 and has a CVSS score of 9.1. The flaw, dubbed Bleeding Llama by Cyera, potentially impacts more than 300,000 servers globally.
Details of the Vulnerability
Ollama is an open-source framework designed for running large language models (LLMs) locally. It has garnered significant attention on GitHub, with over 171,000 stars and more than 16,100 forks. According to the description of the vulnerability, versions of Ollama prior to 0.17.1 contain a heap out-of-bounds read flaw within the GGUF model loader. The vulnerability arises when the /api/create endpoint accepts a GGUF file with a declared tensor offset and size that exceed the actual file length, leading to memory reads beyond the allocated buffer.
Potential Impact
The exploitation of this vulnerability could result in the leakage of sensitive information from the Ollama process memory, including environment variables, API keys, system prompts, and user conversation data. An attacker could execute a three-step exploitation chain: first, upload a specially crafted GGUF file to an exposed Ollama server; second, trigger the out-of-bounds read by using the /api/create endpoint; and finally, exfiltrate the leaked data via the /api/push endpoint to an external server.
Recommended Mitigations
Users of Ollama are advised to apply the latest patches, restrict network access, and audit their instances for any internet exposure. It is also recommended to isolate Ollama servers behind a firewall and implement an authentication proxy or API gateway, as the REST API does not include built-in authentication.
Additional Vulnerabilities in Ollama
In addition to CVE-2026-7482, researchers have highlighted two other unpatched vulnerabilities in Ollama’s Windows update mechanism, which could lead to persistent code execution. These vulnerabilities, tracked as CVE-2026-42248 and CVE-2026-42249, relate to a missing signature check and a path traversal flaw, respectively. Users are advised to disable automatic updates and remove any Ollama shortcuts from the Windows Startup folder to mitigate risks associated with these vulnerabilities.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
