There exists an unauthenticated remote information disclosure vulnerability in Ollama’s...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.

Basic Information

ID CVE-2026-5757

Source certcc

Published Jun 26, 2026 at 15:15

Modified Jun 26, 2026 at 18:38

Affected Product

Vendor Ollama AI

Product Ollama

Version v0.13.5

Affected Versions Ollama AI Ollama v0.13.5

References

{
    "lastseen": "",
    "description": "Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.",
    "published": "2026-06-26T15:15:28.464Z",
    "modified": "2026-06-26T18:38:23.503Z",
    "type": "cve",
    "title": "There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine",
    "source": "certcc",
    "references": "https://kb.cert.org/vuls/id/518910\nhttps://ollama.com",
    "id": "CVE-2026-5757",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Ollama AI Ollama v0.13.5",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ollama",
    "version": "v0.13.5",
    "vendor": "Ollama AI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

There exists an unauthenticated remote information disclosure vulnerability in Ollama’s model quantization engine_CVE-2026-5757

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply