
Ollama GGUF model loader heap out-of-bounds read security flaw (CVE-2026-7482)

Type: Vulnerability
Happening score: 17
1 unique source, 1 article

Summary


CVE-2026-7482 in Ollama is a critical GGUF model loader out-of-bounds read that can let a remote, unauthenticated attacker leak entire process memory from exposed servers. The flaw affects versions before 0.17.1 and is reachable through /api/create, making internet-facing deployments especially risky. Successful exploitation can expose API keys, system prompts, and other heap-resident data, which may then be exfiltrated through /api/push.

Related Happenings

ChromaDB Python API exposure mitigation (CVE-2026-45829)

Advisory/Mitigation
First: 20.05.2026 01:25 · Last: 20.05.2026 01:25 · Sources: 1

About this happening: **HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...

OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
First: 17.05.2026 14:57 · Last: 17.05.2026 14:57 · Sources: 1

About this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...

Timeline

  1. 10.05.2026 15:41 · 2 articles

    Ollama CVE-2026-7482 disclosure

    Initial Disclosure

    Researchers disclosed CVE-2026-7482 in Ollama, a critical heap out-of-bounds read in the GGUF model loader before 0.17.1 that can let a remote, unauthenticated attacker leak entire process memory through /api/create and /api/push. Cyera dubbed the flaw Bleeding Llama, and the reported exposure includes API keys, system prompts, concurrent users' conversation data, and other heap-resident information on exposed servers.
