Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-7482 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2026 |
| Date Published | 2026-05-04 |
| Vendor | Ollama |
| Product | Ollama |
| CVSS Score | 9.1 (critical) |
| EPSS Score | No data |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file’s actual length; during quantization in fs/ggml/gguf.go and server/quantization.go (WriteTo()), the server reads past the allocated heap buffer. The leaked memory contents may include environment variables, API keys, system prompts, and concurrent users’ conversation data, and can lead to disclosure of sensitive information and downstream compromise of systems that rely on those credentials.
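The missing check behind this bug is a bounds test on the declared tensor range against the bytes actually present. The Go function below is an added example (not Ollama's own code; the TensorInfo type, the field layout and the sample values are constructed for illustration) showing how a GGUF loader can reject a tensor descriptor whose offset and size run past the data section, including descriptors whose offset+size would wrap around 2^64:

```go
package main

import (
	"errors"
	"fmt"
)

// TensorInfo mirrors the fields of a GGUF tensor descriptor that matter for
// bounds checking: where the tensor's bytes start, relative to the beginning
// of the data section, and how many bytes it occupies. Hypothetical type, not
// Ollama's own.
type TensorInfo struct {
	Name   string
	Offset uint64 // relative to dataStart
	Size   uint64 // bytes, derived from dims and quantization type
}

var ErrTensorOutOfBounds = errors.New("tensor extends past end of file")

// ValidateTensorBounds checks that every declared tensor lies entirely
// within [dataStart, fileSize). All arithmetic is done by subtraction so a
// hostile offset or size near 2^64 cannot wrap around and pass the check.
func ValidateTensorBounds(tensors []TensorInfo, dataStart, fileSize uint64) error {
	if dataStart > fileSize {
		return fmt.Errorf("data section starts at %d but file is %d bytes", dataStart, fileSize)
	}
	avail := fileSize - dataStart // bytes in the data section
	for _, t := range tensors {
		// Equivalent to offset+size > avail, without risk of overflow.
		if t.Size > avail || t.Offset > avail-t.Size {
			return fmt.Errorf("%w: tensor %q offset=%d size=%d data_section=%d bytes",
				ErrTensorOutOfBounds, t.Name, t.Offset, t.Size, avail)
		}
	}
	return nil
}

func main() {
	// Constructed sample: a 4096-byte file whose data section starts at byte 512.
	const fileSize, dataStart = 4096, 512
	good := []TensorInfo{{"blk.0.attn_q.weight", 0, 1024}, {"blk.0.attn_k.weight", 1024, 2560}}
	bad := []TensorInfo{{"output.weight", 3000, 1024}}              // ends 440 bytes past EOF
	wrap := []TensorInfo{{"token_embd.weight", ^uint64(0) - 8, 64}} // offset+size wraps to a small value
	for _, c := range [][]TensorInfo{good, bad, wrap} {
		fmt.Println(ValidateTensorBounds(c, dataStart, fileSize))
	}
}
```

A loader that runs this check before any read or quantization pass fails closed on the malformed file instead of copying heap memory beyond the buffer.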
Required Actions
Update Ollama to version 0.17.1 or later immediately. Until the patch is deployed, restrict access to the /api/create endpoint to trusted users via a reverse proxy with authentication. After upgrading, rotate all API keys and secrets used by the Ollama instance, as they may have been exposed. Review logs for requests to /api/create carrying unusual GGUF files.
Who Is Affected?
This vulnerability affects Ollama in versions prior to 0.17.1. Check whether your organization runs Ollama for LLM hosting and immediately update the installation and rotate secrets.
Sources
Need help securing your systems? The nFlo team offers vulnerability management and 24/7 SOC services. Contact us.
