CVE-2025-44779: An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/
Summary
Ollama v0.1.33 has a vulnerability (CVE-2025-44779) that allows attackers to delete arbitrary files (any files on a system) by sending a specially crafted request to the /api/pull endpoint. The vulnerability stems from improper input validation (the software not properly checking user input for malicious content) and overly permissive file access settings.
Vulnerability Details
6.6(medium)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-44779
First tracked: February 15, 2026 at 08:44 PM
Classified by LLM (prompt v3) · confidence: 85%