Critical Vulnerability in Ollama Allows Data Exfiltration via Model Uploads

Severity: High (Score: 69.9)

Sources: Gbhackers, Cybersecuritynews, Kb.Cert

Summary

A severe vulnerability, tracked as CVE-2026-5757, has been identified in Ollama's model quantization engine, which enables unauthenticated attackers to exploit the model upload interface. By uploading a specially crafted GGUF file, attackers can read and exfiltrate sensitive heap memory from the server, potentially leading to unauthorized access and broader system compromise. This vulnerability affects Ollama, an open-source tool for running large language models locally on macOS, Windows, and Linux. Currently, there is no patch available, and the vendor has not been reached for coordination. Security experts recommend restricting access to the model upload functionality, especially in untrusted environments. The vulnerability was reported by Jeremy Brown through AI-assisted research. The risk is heightened due to the lack of immediate remediation options and the potential for significant data exposure. Key Points: • CVE-2026-5757 allows unauthenticated data exfiltration via malicious model uploads. • Ollama's model quantization engine is vulnerable, affecting local installations on multiple OS platforms. • No patch is currently available, necessitating immediate access restrictions to mitigate risks.

Key Entities

• Data Breach (attack_type)
• Ollama (platform)
• Linux (platform)
• MacOS (platform)
• Windows (platform)
• CVE-2026-5757 (cve)
• Cwe-125 - Out-of-bounds Read (cwe)
• CWE-200 - Exposure of Sensitive Information (cwe)
• Cwe-787 - Out-of-bounds Write (cwe)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)