CVE-2026-7482: Critical Ollama Heap Out-of-Bounds Read Exposes Sensitive AI Data
The National Vulnerability Database has disclosed CVE-2026-7482, a critical heap out-of-bounds read vulnerability in Ollama versions prior to 0.17.1. The flaw resides in the GGUF model loader and is triggered by a crafted GGUF file. When such a file is processed via the /api/create endpoint, the server reads beyond the allocated heap buffer during quantization, leading to memory disclosure.
This vulnerability is severe because the leaked memory can contain highly sensitive data, including environment variables, API keys, system prompts, and conversation data from concurrent users. An attacker can exfiltrate this information by uploading the resulting model artifact through the /api/push endpoint to an attacker-controlled registry. Critically, the National Vulnerability Database notes that both /api/create and /api/push endpoints lack authentication in the upstream distribution.
While default deployments bind to 127.0.0.1, the OLLAMA_HOST=0.0.0.0 configuration is widely adopted, significantly increasing public-internet exposure for vulnerable instances. The National Vulnerability Database assigns this a CVSS score of 9.1 (CRITICAL), underscoring the immediate threat this poses to data confidentiality and system integrity.
What This Means For You
- If your organization uses Ollama, especially in a publicly accessible configuration, act immediately. Patch to Ollama 0.17.1 or newer without delay. Audit your Ollama deployments for `OLLAMA_HOST=0.0.0.0` configurations, as these listen on all network interfaces and expose the unauthenticated endpoints. Assume any unpatched, internet-facing instance has already been compromised and that sensitive data, including API keys and user prompts, may have been exfiltrated. Rotate credentials, regenerate API keys, and investigate for anomalous model uploads or downloads.
🛡️ Detection Rules
CVE-2026-7482: Ollama API Create Endpoint GGUF Upload
```yaml
title: 'CVE-2026-7482: Ollama API Create Endpoint GGUF Upload'
id: scw-2026-05-04-ai-1
status: experimental
level: critical
description: |
  Detects the initial access attempt for CVE-2026-7482 by monitoring POST requests to the /api/create endpoint of Ollama. This endpoint is used to upload a specially crafted GGUF file that exploits a heap out-of-bounds read vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-04
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7482/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-method:
      - 'POST'
    cs-uri:
      - '/api/create'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World · License & reuse
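The rule above matches every POST to /api/create, while the exfiltration step described earlier is a later POST to /api/push. As an added example (not part of the original post or of Ollama), this Python script correlates the two per client IP so that a create-then-push sequence from a non-loopback address ranks above a lone request. The GIN-style log line layout, the 30-minute window and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample lines in a GIN-style access-log layout (assumed; adapt LINE_RE to your logs).
SAMPLE_LOG = """\
[GIN] 2026/05/04 - 16:20:01 | 200 |   1.2s | 127.0.0.1 | POST "/api/create"
[GIN] 2026/05/04 - 16:21:10 | 200 |   8.4s | 203.0.113.7 | POST "/api/create"
[GIN] 2026/05/04 - 16:21:40 | 200 |   0.1s | 198.51.100.9 | POST "/api/generate"
[GIN] 2026/05/04 - 16:23:05 | 200 |  12.9s | 203.0.113.7 | POST "/api/push"
[GIN] 2026/05/04 - 18:40:00 | 200 |   3.0s | 198.51.100.9 | POST "/api/push"
"""

# Fields: timestamp | status | latency | client IP | method "path"; any query string is dropped.
LINE_RE = re.compile(
    r'\[GIN\] (?P<ts>\d{4}/\d{2}/\d{2} - \d{2}:\d{2}:\d{2}) \|\s*(?P<status>\d{3}) \|'
    r'[^|]*\|\s*(?P<ip>[0-9a-fA-F:.]+) \|\s*(?P<method>[A-Z]+)\s+"(?P<path>[^"?]*)')

def parse(log_text):
    """Yield (timestamp, client_ip, method, path) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d - %H:%M:%S")
            yield ts, m["ip"], m["method"], m["path"]

def find_create_then_push(log_text, window=timedelta(minutes=30)):
    """Flag remote POSTs to /api/create and /api/push; a push that follows a
    create from the same client within `window` is rated high."""
    last_create, findings = {}, []
    for ts, ip, method, path in parse(log_text):
        if method != "POST" or path not in ("/api/create", "/api/push"):
            continue
        if ip_address(ip).is_loopback:
            continue  # local administration; the concern here is remote exposure
        if path == "/api/create":
            last_create[ip] = ts
            findings.append(("medium", ip, ts, "remote POST /api/create"))
        elif ip in last_create and ts - last_create[ip] <= window:
            findings.append(("high", ip, ts, "POST /api/push after /api/create"))
        else:
            findings.append(("medium", ip, ts, "remote POST /api/push"))
    return findings

if __name__ == "__main__":
    for sev, ip, ts, why in find_create_then_push(SAMPLE_LOG):
        print(f"{sev:6} {ts:%Y-%m-%d %H:%M:%S} {ip:15} {why}")
```

Behind a reverse proxy the logged address is the proxy's, so run the same correlation over the proxy's access log instead.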
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7482 | Information Disclosure | Ollama before 0.17.1 |
| CVE-2026-7482 | Heap Out-of-Bounds Read | GGUF model loader vulnerability in Ollama |
| CVE-2026-7482 | Information Disclosure | Vulnerable endpoint: /api/create with malicious GGUF file |
| CVE-2026-7482 | Information Disclosure | Exfiltration endpoint: /api/push to attacker-controlled registry |
| CVE-2026-7482 | Auth Bypass | /api/create and /api/push endpoints lack authentication in Ollama |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 04, 2026 at 16:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.