Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft
Summary
A critical vulnerability called Bleeding Llama (CVE-2026-7482, CVSS score 9.3) affects Ollama, an open source tool for running large language models (LLMs, AI systems trained on massive amounts of text) on local machines. An attacker can exploit a heap out-of-bounds read (a bug where the program accesses memory it shouldn't) to steal sensitive data like API keys, passwords, and user messages from approximately 300,000 internet-exposed Ollama deployments without needing any authentication.
Solution / Mitigation
The vulnerability was addressed in Ollama version 0.17.1. Organizations should apply this fix as soon as possible, restrict network access to their deployments, deploy an authentication proxy (a middleman service that requires login), use network segmentation (isolating systems from the internet), and audit running instances for internet exposure. Any instance accessible from the internet should be considered compromised.
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://www.securityweek.com/critical-bug-could-expose-300000-ollama-deployments-to-information-theft/
First tracked: May 5, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%