UNKNOWN CVE-2026-5530

CVE-2026-5530: Ollama SSRF Vulnerability (18.0.0-18.1)

Platform

go

Component

github.com/imply/ollama

CVE-2026-5530 describes a server-side request forgery (SSRF) vulnerability discovered in Ollama versions 18.0.0 to 18.1. The flaw is in the file server/download.go, part of the Model Pull API, and allows attackers to potentially manipulate requests and access internal resources. The vulnerability is remotely exploitable and impacts users running the affected versions of Ollama. No official patch is currently available.

How to fix

No official patch available. Check for workarounds or monitor for updates.

Frequently asked questions

What is CVE-2026-5530?

CVE-2026-5530 is a server-side request forgery (SSRF) vulnerability in Ollama versions 18.0.0 through 18.1. It allows an attacker to make requests on behalf of the server, potentially accessing internal resources.

Am I affected by CVE-2026-5530?

You are potentially affected if you are using Ollama version 18.0.0 or 18.1. It's crucial to monitor for updates or mitigation strategies from the Ollama project.

How can I fix or mitigate CVE-2026-5530?

Currently, no official patch is available. As a mitigation, restrict network access to the Ollama server and carefully validate any external resources accessed by the Model Pull API.
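
One way to apply the "validate external resources" mitigation in Go, shown as an added example that is not Ollama's code and not a patch for server/download.go: an HTTP client whose dialer refuses non-public destinations at connect time. The names `allowedAddr`, `checkConn` and `newPullClient` are hypothetical, and the sample addresses are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

var errBlocked = errors.New("destination address not allowed")

// allowedAddr accepts only public unicast addresses: loopback, private,
// link-local (incl. 169.254.169.254), multicast and unspecified are rejected.
func allowedAddr(ip netip.Addr) bool {
	ip = ip.Unmap() // treat ::ffff:10.0.0.1 as 10.0.0.1
	return ip.IsGlobalUnicast() && !ip.IsPrivate()
}

// checkConn is a net.Dialer Control hook. It runs after DNS resolution, so it
// sees the IP actually dialed, including redirect targets and rebound names.
func checkConn(_, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return err
	}
	if !allowedAddr(ap.Addr()) {
		return fmt.Errorf("%w: %s", errBlocked, ap.Addr())
	}
	return nil
}

// newPullClient (hypothetical name) builds the client for caller-supplied
// URLs. Proxy is left nil so the hook checks the real target, not a proxy.
func newPullClient() *http.Client {
	d := &net.Dialer{Timeout: 10 * time.Second, Control: checkConn}
	return &http.Client{
		Timeout:   5 * time.Minute,
		Transport: &http.Transport{DialContext: d.DialContext},
	}
}

func main() {
	// Constructed sample destinations, not taken from the advisory.
	for _, a := range []string{"127.0.0.1:8080", "169.254.169.254:80", "[::ffff:10.0.0.5]:443", "1.1.1.1:443"} {
		fmt.Printf("%-22s -> %v\n", a, checkConn("tcp", a, nil))
	}
}
```

Checking at dial time rather than when the URL is parsed means a hostname that passes a string check but resolves to an internal address is still refused. Ranges such as carrier-grade NAT (100.64.0.0/10) are not covered by these predicates and would need an explicit deny list.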
