Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Key Points:
- A critical vulnerability (CVE-2026-7482) in the Ollama open-source LLM framework could allow remote attackers to leak entire process memory by exploiting an out-of-bounds read flaw in the GGUF model loader, potentially exposing sensitive data like API keys and user conversations.
- The exploit involves uploading a malicious GGUF file via the /api/create endpoint, triggering the memory leak, and then exfiltrating data through the /api/push endpoint; over 300,000 servers worldwide may be affected.
- Additionally, two unpatched vulnerabilities (CVE-2026-42248 and CVE-2026-42249) in Ollama's Windows update mechanism enable persistent arbitrary code execution by abusing missing signature verification and path traversal flaws, allowing attacker-controlled executables to run on user login.
- These Windows update flaws affect Ollama versions 0.12.10 through 0.22.0 and can be exploited if attackers control the update server or the update URL; users are advised to disable automatic updates and remove Ollama startup shortcuts until patches are released.
- Security experts recommend applying patches, restricting network access, deploying authentication proxies, and auditing exposed instances to mitigate risks from both the memory leak and update mechanism vulnerabilities.
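
As an added example (not code from Ollama or from the original report), the audit step recommended above can be run over a host inventory: it flags instances whose OLLAMA_HOST bind setting listens beyond loopback and Windows installs inside the 0.12.10 through 0.22.0 range. The inventory record fields, host names and finding labels are hypothetical, and treating port-only or hostname bind values as exposed is a conservative assumption.

```python
import ipaddress

# Affected range for the Windows update flaws, as stated on this page.
WIN_UPDATE_AFFECTED = ((0, 12, 10), (0, 22, 0))

def parse_version(text):
    """'0.12.10' -> (0, 12, 10), so versions compare numerically, not as strings."""
    core = text.strip().lstrip("v").split("-")[0]  # drop 'v' prefix and '-rc' suffix
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def windows_update_affected(version):
    low, high = WIN_UPDATE_AFFECTED
    return low <= parse_version(version) <= high

def bind_is_exposed(ollama_host):
    """True when an OLLAMA_HOST value listens beyond loopback."""
    value = (ollama_host or "127.0.0.1:11434").strip()  # unset means the default
    value = value.split("://", 1)[-1].split("/", 1)[0]  # drop scheme and path
    if value.startswith("["):  # bracketed IPv6, e.g. [::1]:11434
        host = value[1:].split("]", 1)[0]
    else:  # host:port, bare host, or bare IPv6
        host = value.rsplit(":", 1)[0] if value.count(":") == 1 else value
    if host == "localhost":
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # assumption: port-only or hostname values count as exposed

def audit(inventory):
    findings = []
    for rec in inventory:
        issues = []
        if bind_is_exposed(rec.get("ollama_host")):
            issues.append("api-network-exposed")
        if rec["os"] == "windows" and windows_update_affected(rec["version"]):
            issues.append("windows-updater-affected")
        if issues:
            findings.append((rec["name"], issues))
    return findings

# Constructed inventory; record fields and host names are hypothetical.
SAMPLE = [
    {"name": "gpu-node-1", "os": "linux", "version": "0.9.6", "ollama_host": "0.0.0.0:11434"},
    {"name": "dev-laptop", "os": "windows", "version": "0.12.10", "ollama_host": None},
    {"name": "lab-win", "os": "windows", "version": "0.22.1", "ollama_host": "127.0.0.1:11434"},
]
```

Hosts flagged api-network-exposed are the ones where the network restriction or authentication proxy recommended above applies.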