CVE-2026-7020
Modified Modified - Updated After Analysis

Path Traversal in Ollama Tensor Model Transfer Handler

Vulnerability report for CVE-2026-7020, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-26

Last updated on: 2026-05-06

Assigner: VulDB

Description

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-26
Last Modified
2026-05-06
Generated
2026-07-06
AI Q&A
2026-04-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ollama ollama From 0.20.0 (inc) to 0.20.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a security flaw in the Ollama software up to version 0.20.2, specifically in the function digestToPath within the Tensor Model Transfer Handler component. The flaw allows an attacker to manipulate the 'digest' argument, which results in a path traversal attack. This means an attacker can potentially access files or directories outside the intended scope by crafting the input in a certain way.

The attack can be performed remotely but is considered to have high complexity and is difficult to exploit. Despite this, the exploit code has been publicly released, increasing the risk of attacks.

Impact Analysis

This vulnerability can impact you by allowing an attacker to perform a path traversal attack remotely, potentially gaining unauthorized access to files or directories on the system running the vulnerable Ollama software. This could lead to exposure of sensitive data or unauthorized modification of files.

However, the attack is characterized by high complexity and is difficult to exploit, which may reduce the likelihood of successful exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7020. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart