CVE-2026-5530: Ollama SSRF Vulnerability (18.0.0-18.1)
Platform: go
Component: github.com/imply/ollama
CVE-2026-5530 describes a server-side request forgery (SSRF) vulnerability discovered in Ollama, specifically within the file server/download.go component of the Model Pull API. Successful exploitation allows an attacker to manipulate file processing requests, potentially leading to unauthorized access to internal resources. This vulnerability affects Ollama versions 18.0.0 through 18.1, and as of the publication date, no official patch has been released.
How to fix
Update Ollama to a fixed version. The vulnerability is a server-side request forgery (SSRF) in the model download API. Check the Ollama release notes for specific update instructions.
Frequently asked questions
What is CVE-2026-5530?
CVE-2026-5530 is a server-side request forgery (SSRF) vulnerability in Ollama's Model Pull API. It allows attackers to potentially access internal resources by manipulating file processing requests.
Am I affected by CVE-2026-5530?
You are potentially affected if you are running Ollama version 18.0.0 through 18.1. It is crucial to monitor for updates or mitigations from the vendor.
How can I fix or mitigate CVE-2026-5530?
As of the publication date, no official patch is available. Consider implementing network segmentation and restricting outbound access from the Ollama service to mitigate the risk until a patch is released.
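Restricting outbound access can also be enforced inside a Go downloader, at the point where the connection is made. The sketch below is an added example, not Ollama's code or its patch; `IsInternal`, `GuardDial` and `NewGuardedClient` are hypothetical names, and the blocked ranges are an assumed policy for a service that only needs public registries.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

// extra covers ranges the netip predicates miss: "this network" and CGNAT (RFC 6598).
var extra = []netip.Prefix{netip.MustParsePrefix("0.0.0.0/8"), netip.MustParsePrefix("100.64.0.0/10")}

// IsInternal reports whether ip is loopback, private, link-local (which includes
// the 169.254.169.254 cloud metadata address), multicast, unspecified or invalid.
func IsInternal(ip netip.Addr) bool {
	ip = ip.Unmap().WithZone("") // fold ::ffff:a.b.c.d to IPv4 and drop any zone
	for _, p := range extra {
		if p.Contains(ip) {
			return true
		}
	}
	return !ip.IsValid() || ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() ||
		ip.IsLinkLocalUnicast() || ip.IsMulticast()
}

// GuardDial is a net.Dialer Control hook. It sees the resolved IP that is about to
// be connected to, so hostnames and redirect hops that land on internal hosts fail.
func GuardDial(_, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil || IsInternal(ap.Addr()) {
		return fmt.Errorf("egress guard: refusing to connect to %q", address)
	}
	return nil
}

// NewGuardedClient returns a client whose every connection passes GuardDial.
// Proxy is left unset: behind a proxy the hook would only see the proxy's IP.
func NewGuardedClient() *http.Client {
	d := &net.Dialer{Timeout: 10 * time.Second, Control: GuardDial}
	return &http.Client{Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() {
	_, err := NewGuardedClient().Get("http://127.0.0.1:8080/") // constructed internal URL
	fmt.Println(err)
}
```

Checking at dial time rather than when the URL is parsed is what keeps the check tied to the address actually contacted. For an unpatched Ollama binary the equivalent control has to live outside the process, in firewall or egress-proxy rules.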