CERT Polska Ollama for Windows update-chain mitigation
Advisory/Mitigation
Summary
Mitigation guidance now tells Ollama for Windows users to disable automatic updates and remove the Startup folder shortcut because the unpatched update-chain flaws can enable silent on-login execution. The workaround is aimed at installations in the vulnerable 0.12.10 through 0.17.5 range. It matters because the flaw path can turn the Windows update flow into persistent code execution at user login.
Timeline
- 10.05.2026 15:41
CERT Polska advises Ollama for Windows mitigation steps
Tags: Mitigation, Patch, Update
CERT Polska recommends that Ollama for Windows users disable automatic updates and remove any Ollama shortcut from the Windows Startup folder. These steps reduce exposure to the unpatched update-chain flaws, which can enable silent on-login execution and persistent code execution at user privilege level. The guidance applies to vulnerable installations in the 0.12.10 through 0.17.5 range while the disclosure process remains unresolved.
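One way to carry out the Startup-folder step, as an added example that is not from CERT Polska or the Ollama project: the PowerShell script below lists shortcuts in the per-user and all-users Startup folders whose file name or target mentions Ollama, and deletes them only when run with `-Remove`. Matching on the string "ollama" is an assumption; the page does not name the shortcut or the setting that disables automatic updates, so that step is not scripted.

```powershell
# Added example: audit the Windows Startup folders for shortcuts that launch Ollama.
# Assumption: the shortcut is recognisable by "ollama" in its file name or target path.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # without -Remove the script only reports what it finds
)

# Per-user and all-users Startup folders, resolved by Windows rather than hard-coded.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

$hits = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut on an existing .lnk opens it so its properties can be read.
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($_.Name -match 'ollama' -or $lnk.TargetPath -match 'ollama') {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Modified  = $_.LastWriteTime
                }
            }
        }
}

if (-not $hits) {
    Write-Output 'No Ollama shortcut found in the Startup folders.'
    return
}

$hits | Format-List

if ($Remove) {
    foreach ($hit in $hits) {
        # -WhatIf and -Confirm are honoured through ShouldProcess.
        # Deleting from the all-users folder requires an elevated session.
        if ($PSCmdlet.ShouldProcess($hit.Shortcut, 'Remove Startup shortcut')) {
            Remove-Item -LiteralPath $hit.Shortcut -Force
        }
    }
}
```

Run it once without parameters to review the reported target and modification time, then again with `-Remove -WhatIf` before deleting anything.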
Sources
- Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak — thehackernews.com — 10.05.2026 15:41