Search criteria
1 vulnerability by Ollama AI
CVE-2026-5757 (GCVE-0-2026-5757)
Vulnerability from cvelistv5 – Published: 2026-06-26 15:15 – Updated: 2026-06-26 18:38
VLAI?
Title
There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine
Summary
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
Severity ?
7.5 (High)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-26T15:52:23.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/518910"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T18:37:59.802606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T18:38:23.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ollama",
"vendor": "Ollama AI",
"versions": [
{
"status": "affected",
"version": "v0.13.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote information disclosure vulnerability in Ollama\u0027s model quantization engine allows an attacker to read and exfiltrate the server\u0027s heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125 Out-of-bounds Read",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-416 Use After Free",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T15:15:28.464Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/518910"
},
{
"url": "https://ollama.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "There exists an unauthenticated remote information disclosure vulnerability in Ollama\u0027s model quantization engine",
"x_generator": {
"engine": "VINCE 3.0.43",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5757"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5757",
"datePublished": "2026-06-26T15:15:28.464Z",
"dateReserved": "2026-04-07T16:59:20.290Z",
"dateUpdated": "2026-06-26T18:38:23.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}