Ollama: heap OOB read (CVE‑2026‑7482) — secret leak & RCE risk

Colleagues — security alert: a heap OOB read in GGUF (Bleeding Llama, CVE‑2026‑7482) was found in Ollama. Via /api/create and /api/push an attacker can leak API keys, environment variables, system prompts and conversations. Affects versions < 0.17.1; likely hundreds of thousands of servers.
Separately, two Windows update flaws (CVE‑2026‑42248, CVE‑2026‑42249) may allow persistent code execution when auto‑update is enabled.
Impact: secret exfiltration and risk of further compromise.
Mitigation: apply patches, restrict network access, enforce API gateway/authentication; on Windows—disable auto‑updates and remove Startup shortcut.
How do you plan to protect deployed Ollama instances?
#cybersecurity #LLM #Ollama #vulnerabilities


Latest comments
No comments yet.