CVE-2026-7482: Heap OOB Read in Ollama
Plattform
go
Komponente
ollama
Behoben in
0.17.1
CVE-2026-7482 describes a critical heap out-of-bounds read vulnerability discovered in Ollama versions 0.0.0 through 0.17.1. This vulnerability allows attackers to potentially extract sensitive information from the server's memory. Successful exploitation can lead to the exposure of API keys, environment variables, system prompts, and even the conversation data of concurrent users. The vulnerability is fixed in version 0.17.1.
Erkenne diese CVE in deinem Projekt
Lade deine go.mod-Datei hoch und wir sagen dir sofort, ob du betroffen bist.
Auswirkungen und Angriffsszenarien
The core of the vulnerability lies in the GGUF model loader within Ollama. An attacker can craft a malicious GGUF file where the declared tensor offset and size exceed the file's actual length. When the server attempts to quantize this file, it reads past the allocated heap buffer in fs/ggml/gguf.go and server/quantization.go. This out-of-bounds read allows the attacker to potentially access arbitrary memory regions. The leaked memory contents can include highly sensitive data, such as API keys used to access external services, environment variables containing configuration secrets, system prompts that define the model's behavior, and the conversation history of other users interacting with the Ollama instance. The attacker can then exfiltrate this data by uploading the resulting model artifact through the /api/push endpoint.
Ausnutzungskontext
CVE-2026-7482 was published on 2026-05-04. The vulnerability's severity is rated as CRITICAL (CVSS 9.1). There is currently no public proof-of-concept (POC) code available, but the ease of crafting a malicious GGUF file suggests a moderate likelihood of exploitation. The vulnerability is not currently listed on KEV or EPSS, but its critical severity warrants close monitoring. Active campaigns targeting Ollama are not currently known, but the potential for data exfiltration makes it an attractive target.
Bedrohungsanalyse
Exploit-Status
EPSS
0.10% (27% Perzentil)
CISA SSVC
CVSS-Vektor
Was bedeuten diese Metriken?
- Attack Vector
- Netzwerk — aus der Ferne über das Internet ausnutzbar. Kein physischer oder lokaler Zugriff erforderlich.
- Attack Complexity
- Niedrig — keine besonderen Bedingungen erforderlich. Zuverlässig ausnutzbar.
- Privileges Required
- Keine — ohne Authentifizierung ausnutzbar. Keine Zugangsdaten erforderlich.
- User Interaction
- Keine — automatischer und lautloser Angriff. Das Opfer tut nichts.
- Scope
- Unverändert — Auswirkung auf das anfällige Komponente beschränkt.
- Confidentiality
- Hoch — vollständiger Vertraulichkeitsverlust. Angreifer kann alle Daten lesen.
- Integrity
- Keine — kein Integritätseinfluss.
- Availability
- Hoch — vollständiger Absturz oder Ressourcenerschöpfung. Totaler Denial of Service.
Betroffene Software
Schwachstellen-Klassifikation (CWE)
Zeitleiste
- Reserviert
- Veröffentlicht
- EPSS aktualisiert
Mitigation und Workarounds
The primary mitigation for CVE-2026-7482 is to immediately upgrade Ollama to version 0.17.1 or later. This version contains the necessary fix to prevent the out-of-bounds read. If upgrading is not immediately feasible, consider implementing stricter input validation on the /api/create endpoint to prevent the acceptance of potentially malicious GGUF files. While not a complete solution, this can reduce the attack surface. Network segmentation can also limit the potential for lateral movement if the Ollama instance is compromised. Monitor Ollama logs for unusual activity, particularly related to file uploads and model quantization processes. Consider implementing a Web Application Firewall (WAF) with rules to detect and block suspicious GGUF file uploads.
So behebenwird übersetzt…
Actualice a la versión 0.17.1 o posterior para mitigar la vulnerabilidad de lectura fuera de límites en el analizador de tensores GGUF. Esta actualización corrige el problema al verificar los límites del búfer antes de acceder a la memoria.
Häufig gestellte Fragen
What is CVE-2026-7482 — Heap OOB Read in Ollama?
CVE-2026-7482 is a critical vulnerability in Ollama versions 0.0.0–0.17.1 that allows attackers to read beyond the allocated memory buffer when processing malicious GGUF files, potentially exposing sensitive data.
Am I affected by CVE-2026-7482 in Ollama?
If you are running Ollama versions 0.0.0 through 0.17.1, you are potentially affected by this vulnerability. Upgrade to version 0.17.1 or later to mitigate the risk.
How do I fix CVE-2026-7482 in Ollama?
The recommended fix is to upgrade Ollama to version 0.17.1 or later. This version includes a patch that addresses the out-of-bounds read vulnerability.
Is CVE-2026-7482 being actively exploited?
While there are no currently known active campaigns exploiting CVE-2026-7482, the vulnerability's critical severity and ease of exploitation suggest a potential for future attacks.
Where can I find the official Ollama advisory for CVE-2026-7482?
Refer to the official Ollama security advisory for detailed information and updates regarding CVE-2026-7482: [https://github.com/jmorganca/ollama/security/advisories/GHSA-xxxx-xxxx-xxxx](https://github.com/jmorganca/ollama/security/advisories/GHSA-xxxx-xxxx-xxxx) (replace with actual advisory link when available).
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Erkenne diese CVE in deinem Projekt
Lade deine go.mod-Datei hoch und wir sagen dir sofort, ob du betroffen bist.
Scannen Sie jetzt Ihr Go-Projekt – kein Konto
Laden Sie Ihr go.mod hoch und erhalten Sie den Schwachstellenbericht sofort. Kein Konto. Das Hochladen der Datei ist nur der Anfang: mit einem Konto erhalten Sie kontinuierliche Überwachung, Slack-/E-Mail-Benachrichtigungen, Multi-Projekt- und White-Label-Berichte.
Abhängigkeitsdatei hier ablegen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...