All 6 CVE vulnerabilities found in ollama, with AI-generated Chinese analysis, references, and POCs.
Vendor: Ollama
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-7482 | Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers | CWE-125 | 9.1 | Critical | 2026-05-04 |
| CVE-2026-42249 | Remote Code Execution in Ollama via Update Mechanism | CWE-494 | 8.8 (AI) | High (AI) | 2026-04-29 |
| CVE-2026-42248 | Missing Signature Verification for Updates in Ollama | CWE-494 | 8.4 (AI) | High (AI) | 2026-04-29 |
| CVE-2026-7020 | Ollama Tensor Model Transfer transfer.go digestToPath path traversal | CWE-22 | 5.6 | Medium | 2026-04-26 |
| CVE-2026-5530 | Ollama Model Pull API download.go server-side request forgery | CWE-918 | 6.3 | Medium | 2026-04-05 |
| CVE-2025-15514 | Ollama Multi-Modal Model Image Processing NULL Pointer Dereference | CWE-395 | 7.5 (AI) | High (AI) | 2026-01-12 |