CVE-2026-42249
Received Received - Intake
Path Traversal in Ollama Windows Update Enables Remote Code Execution

Publication date: 2026-04-29

Last updated on: 2026-05-18

Assigner: CERT.PL

Description
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These values are passed directly to filepath.Join, allowing path traversal sequences (../) to be resolved and enabling files to be written outside the intended update staging directory. An attacker who can influence update responses can exploit this flaw to write arbitrary executables to attacker‑chosen locations accessible to the current user, including the Windows Startup directory. This allows execution of arbitrary executables. Critically, when chained with CVE‑2026‑42248 (Missing Signature Verification for Updates), an attacker can deliver malicious payloads that are written to sensitive locations and executed automatically. Because Ollama for Windows performs silent automatic updates and executes staged binaries without user interaction, this results in automatic and persistent code execution without user awareness. Maintainers of this project were notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-29
Last Modified
2026-05-18
Generated
2026-06-16
AI Q&A
2026-04-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-42249
EUVD
EUVD-2026-26211
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ollama ollama From 0.12.10 (inc) to 0.17.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-494 The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Ollama for Windows' update mechanism, where it improperly handles HTTP response headers controlled by an attacker. When downloading updates, the application uses values from these headers to construct local file paths without validating them. This allows path traversal sequences (../) to be resolved, enabling an attacker to write files outside the intended update directory.

An attacker who can influence update responses can exploit this flaw to write arbitrary executable files to locations accessible by the current user, such as the Windows Startup directory, allowing execution of arbitrary code.

When combined with another vulnerability (CVE-2026-42248) that involves missing signature verification for updates, an attacker can deliver malicious payloads that are automatically executed without user interaction, resulting in persistent and silent code execution.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code on your system without your knowledge or consent. By exploiting the flaw, an attacker can place malicious executables in sensitive locations such as the Windows Startup directory, causing these malicious programs to run automatically when your system starts.

Because the update process is silent and automatic, this can lead to persistent compromise of your system, potentially allowing unauthorized access, data theft, or further malware installation.

Executive Summary

This vulnerability exists in Ollama for Windows' update mechanism, where it improperly handles HTTP response headers controlled by an attacker. When the application downloads updates, it uses values from these headers to construct local file paths without validating them. This allows path traversal sequences (like ../) to be resolved, enabling an attacker to write files outside the intended update directory.

An attacker who can influence update responses can exploit this flaw to write arbitrary executable files to locations accessible by the current user, such as the Windows Startup directory, leading to execution of arbitrary code.

If combined with another vulnerability (CVE-2026-42248) that lacks signature verification for updates, an attacker can deliver malicious payloads that are automatically executed without user interaction, resulting in persistent and silent code execution.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code on your system without your knowledge or consent. By exploiting the flaw, malicious executables can be placed in sensitive locations such as the Windows Startup directory, causing them to run automatically when the system starts.

Because the update process is silent and automatic, the attack can persist and remain undetected, potentially leading to unauthorized control over your system, data compromise, or further malware installation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42249. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart