{"data":{"id":"dc3f169b-a8c4-488f-91b9-d731b676982c","title":"CVE-2026-42248: Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike othe","summary":"Ollama for Windows has a vulnerability (CVE-2026-42248) where it does not verify that downloaded updates are authentic and haven't been tampered with before installing them. Because Ollama automatically installs updates without asking the user, an attacker could trick the software into downloading and running malicious code without the user knowing.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42248","publishedAt":"2026-04-29T12:16:18.917Z","cveId":"CVE-2026-42248","cweIds":["CWE-494"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Ollama"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00008,"patchAvailable":null,"disclosureDate":"2026-04-29T12:16:18.917Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0010"]}}