Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Unauthenticated network-reachable API path triggers a heap read (AV:N/AC:L/PR:N/UI:N) yielding high confidentiality loss only, with no integrity or availability impact.
Primary rating from Vendor (certcc).
CVSS VectorVendor: certcc
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
AnalysisAI
Information disclosure in Ollama's model quantization engine (confirmed affected in v0.13.5) allows remote, unauthenticated attackers to read and exfiltrate the server's heap memory, exposing sensitive in-process data such as model contents, API keys, or other secrets resident in memory. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates trivial network exploitation against an exposed Ollama instance with no authentication. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the Ollama HTTP API be network-reachable by the attacker and that a request reach the model quantization engine code path; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication, user interaction, or special privileges are needed once the endpoint is reachable. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Risk signals are partly favorable to defenders and partly concerning. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker locates an Ollama instance whose API (port 11434) is reachable over the network, then sends a crafted request that drives the quantization engine to return heap memory beyond the intended buffer. The leaked memory may contain model data, credentials, or other secrets, which the attacker repeatedly harvests to enable further compromise. … |
| Remediation | No vendor-released patch version is identified in the provided data, so a specific fixed release cannot be cited - monitor the CERT/CC note (https://kb.cert.org/vuls/id/518910) and the vendor site (https://ollama.com) for an updated build superseding v0.13.5 and upgrade as soon as one is published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Immediately isolate Ollama v0.13.5 instances from internet-facing access using network segmentation, firewall rules, or VPN requirements; review access logs for unauthorized connections. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
Denial of service in Ollama's multi-modal image processing (versions 0.11.5-rc0 through 0.13.5) lets remote attackers cr
An issue was discovered in Ollama before 0.1.46. Rated high severity (CVSS 8.2), this vulnerability is remotely exploita
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function rea
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder [CVSS 7.5 HIGH]
A divide by zero vulnerability exists in ollama/ollama version v0.3.3. Rated high severity (CVSS 7.5), this vulnerabilit
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that,
A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be u
An issue was discovered in Ollama before 0.1.46. Rated high severity (CVSS 7.5), this vulnerability is remotely exploita
An issue was discovered in Ollama before 0.1.34. Rated high severity (CVSS 7.5), this vulnerability is remotely exploita
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39786
GHSA-c839-jg98-xwx3