CVE-2026-7482: Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint
Summary
Ollama versions before 0.17.1 have a heap out-of-bounds read vulnerability (a bug where code reads memory outside its intended boundaries) in the GGUF model loader (the component that loads GGUF files, a machine learning model format). An attacker can upload a malicious GGUF file through the /api/create endpoint (an unprotected interface) with fake tensor size information, causing the server to read beyond the file's actual data and leak sensitive information like API keys and user conversations, which can then be stolen through the /api/push endpoint.
Solution / Mitigation
Update Ollama to version 0.17.1 or later.
Vulnerability Details
9.1(critical)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
network
low
none
none
May 4, 2026
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7482
First tracked: May 4, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 95%