VMTech

Ollama: heap OOB read (CVE‑2026‑7482) — secret leak & RCE risk

Ollama: critical memory leak (CVE‑2026‑7482) and RCE risk

Colleagues — security alert: a heap OOB read in GGUF (Bleeding Llama, CVE‑2026‑7482) was found in Ollama. Via /api/create and /api/push an attacker can leak API keys, environment variables, system prompts and conversations. Affects versions < 0.17.1; likely hundreds of thousands of servers.

Separately, two Windows update flaws (CVE‑2026‑42248, CVE‑2026‑42249) may allow persistent code execution when auto‑update is enabled.

Impact: secret exfiltration and risk of further compromise.

Mitigation: apply patches, restrict network access, enforce API gateway/authentication; on Windows, disable auto‑updates and remove the Startup shortcut.
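To turn the patch and network-restriction steps into a fleet check, the sketch below triages hosts by reported version and bind address. It is an added example, not VMTech's or Ollama's code; the inventory rows are constructed, and it assumes the version comes from Ollama's `GET /api/version` response and the bind address from the `OLLAMA_HOST` setting. It does not cover the two Windows updater CVEs.

```python
import json
import re
from ipaddress import ip_address

FIXED = (0, 17, 1)  # first fixed release according to the alert above

def is_vulnerable(version):
    """True if the version string sorts before 0.17.1 (or cannot be parsed)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?", version.strip())
    if not m:
        return True  # unknown build: treat as unpatched until verified
    core = tuple(int(x) for x in m.group(1, 2, 3))
    # A pre-release of the fixed version (e.g. 0.17.1-rc2) precedes 0.17.1.
    return core < FIXED or (core == FIXED and m.group(4) is not None)

def is_exposed(ollama_host):
    """True if the OLLAMA_HOST bind address is anything other than loopback."""
    if not ollama_host.strip():
        return False  # unset: Ollama listens on 127.0.0.1:11434 by default
    host = re.sub(r"^[a-z]+://", "", ollama_host.strip()).split("/")[0]
    if host.startswith("["):           # bracketed IPv6, e.g. [::1]:11434
        host = host[1:].split("]")[0]
    elif host.count(":") == 1:         # host:port
        host = host.rsplit(":", 1)[0]
    if host == "localhost":
        return False
    try:
        return not ip_address(host).is_loopback
    except ValueError:
        return True  # other hostname or empty host: assume reachable

# Constructed inventory: name, body of GET /api/version, OLLAMA_HOST value.
INVENTORY = [
    ("gpu-01", '{"version":"0.16.3"}', "0.0.0.0:11434"),
    ("gpu-02", '{"version":"0.17.1"}', "0.0.0.0"),
    ("dev-07", '{"version":"0.17.1-rc2"}', ""),
    ("lab-03", '{"version":"0.12.0"}', "127.0.0.1:11434"),
]

def triage(inventory):
    """Map each host to the mitigation from the alert that applies to it."""
    actions = {(True, True): "patch and restrict network access",
               (True, False): "patch",
               (False, True): "restrict access / require authentication",
               (False, False): "ok"}
    return {name: actions[(is_vulnerable(json.loads(body).get("version", "")),
                           is_exposed(bind))]
            for name, body, bind in inventory}

if __name__ == "__main__":
    for host, action in triage(INVENTORY).items():
        print(f"{host}: {action}")
```

A loopback bind only reflects the listener itself; a host that is published through a reverse proxy or port forward still needs the gateway/authentication step.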

How do you plan to protect deployed Ollama instances?

#cybersecurity #LLM #Ollama #vulnerabilities
