CVE-2026-7482

critical Red Hat
CVSS v3 Base Score
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 89% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
None
Availability
High
Published: May 4, 2026 (66 days ago)
Last Modified: May 4, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in Ollama. A remote attacker can exploit a heap out-of-bounds read vulnerability in the GGUF model loader by providing a specially crafted GGUF (GGML Unified Format) file to the /api/create endpoint. This allows the attacker to read beyond the allocated memory buffer, potentially disclosing sensitive information such as environment variables, API keys, system prompts, and user conversation data. The leaked data can then be exfiltrated by uploading the resulting model artifact through the /api/push endpoint to an attacker-controlled registry. Both /api/create and /api/push endpoints lack authentication in the upstream distribution, increasing the risk of exploitation.

CWE

CWE-125

References