{"data":{"id":"3312a2a7-ea5e-4a46-82ac-4f83df3650a7","title":"Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak","summary":"Ollama, a popular framework for running large language models locally, has a critical out-of-bounds read vulnerability (CVE-2026-7482, CVSS score 9.1) that allows attackers to leak sensitive data like API keys and conversation history from process memory by uploading a specially crafted GGUF file (a file format for storing language models). The vulnerability affects versions before 0.17.1 and potentially impacts over 300,000 servers globally.","solution":"Update to Ollama version 0.17.1 or later. Additionally, the source recommends: limit network access to Ollama instances, audit running instances for internet exposure, isolate and secure them behind a firewall, and deploy an authentication proxy or API gateway in front of all Ollama instances since the REST API does not provide authentication by default.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/05/ollama-out-of-bounds-read-vulnerability.html","publishedAt":"2026-05-10T12:41:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Ollama"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-10T12:41:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}