Ollama
CVE-2026-15685
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Unauthenticated low-complexity request over the network (AV:N/AC:L/PR:N/UI:N) crashes the service, so availability-only A:H with C:N/I:N; scope unchanged.
Primary rating from Vendor (zdi).
CVSS VectorVendor: zdi
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the downloadBlob function. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated array. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-27277.
AnalysisAI
Denial-of-service in Ollama's downloadBlob function lets remote, unauthenticated attackers crash affected installations by supplying malformed data that triggers an out-of-bounds array access. The flaw (ZDI-CAN-27277 / ZDI-26-403, CWE-129) carries a CVSS 7.5 with an availability-only impact and requires no authentication or user interaction. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the Ollama HTTP API (default port 11434) and the ability to invoke the blob/model download code path handled by downloadBlob; no authentication, credentials, or user interaction are needed (PR:N/UI:N/AC:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.0 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base 7.5) describes a low-complexity, network-reachable, unauthenticated attack with impact limited strictly to availability - no confidentiality or integrity loss. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach an Ollama instance exposed beyond localhost sends a single crafted request to the model/blob download path containing a manipulated index or length value. The malformed input drives an out-of-bounds array access in downloadBlob, causing the Ollama process to panic and terminate, taking the LLM service offline for all users. … |
| Remediation | No vendor-released patch version was identified in the provided data, so upgrade to the latest available Ollama release once the maintainers publish a fixed build and monitor the ZDI advisory ZDI-26-403 (https://www.zerodayinitiative.com/advisories/ZDI-26-403/) and Ollama's release notes for the confirmed fixed version. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit network architecture to identify any Ollama instances accessible from the internet; implement firewall rules or network segmentation to restrict access to trusted internal networks only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
Denial of service in Ollama's multi-modal image processing (versions 0.11.5-rc0 through 0.13.5) lets remote attackers cr
An issue was discovered in Ollama before 0.1.46. Rated high severity (CVSS 8.2), this vulnerability is remotely exploita
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function rea
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder [CVSS 7.5 HIGH]
A divide by zero vulnerability exists in ollama/ollama version v0.3.3. Rated high severity (CVSS 7.5), this vulnerabilit
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that,
A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be u
An issue was discovered in Ollama before 0.1.46. Rated high severity (CVSS 7.5), this vulnerability is remotely exploita
An issue was discovered in Ollama before 0.1.34. Rated high severity (CVSS 7.5), this vulnerability is remotely exploita
Same weakness CWE-129 – Improper Validation of Array Index
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today