CVE-2026-7020: A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagege
mediumvulnerability
security
Summary
A security flaw called CVE-2026-7020 was found in Ollama versions up to 0.20.2 that allows path traversal (an attack where someone manipulates file paths to access files they shouldn't be able to reach) through the digestToPath function in the Tensor Model Transfer Handler component. An attacker can exploit this remotely, though it requires high complexity to perform, and the vulnerability details have been released publicly.
Vulnerability Details
CVSS Score
5.6(medium)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
network
Attack Complexity
high
Privileges Required
none
User Interaction
none
Disclosure Date
April 26, 2026
Classification
Attack Type
Other
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentiality
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7020
First tracked: April 26, 2026 at 02:08 AM
Classified by LLM (prompt v3) · confidence: 85%