CVE-2026-5757
Analyzed Analyzed - Analysis Complete

Unauthenticated Remote Information Disclosure in Ollama Model Quantization Engine

Vulnerability report for CVE-2026-5757, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-29

Assigner: CERT/CC

Description

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-29
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ollama ollama to 0.13.5 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-5757 is an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine.

An attacker can exploit this vulnerability by uploading a specially crafted GGUF file to the model upload interface, which lacks proper bounds checking.

Due to the quantization engine trusting tensor metadata from the GGUF file header without validation and using Go's unsafe.Slice, the attacker can cause out-of-bounds memory access into the server's heap memory.

This allows the attacker to read and exfiltrate sensitive data from the server's heap memory.

The leaked data is then processed and written into a new model layer, which can be pushed to an attacker-controlled server via Ollama's registry API, effectively exfiltrating the memory contents.

Detection Guidance

This vulnerability involves an attacker uploading a specially crafted GGUF file to the model upload interface to read and exfiltrate heap memory. Detection would focus on monitoring and analyzing uploads to the model quantization engine, especially GGUF files.

Suggested detection approaches include:

  • Monitoring network traffic for unusual or unauthorized uploads to the model upload interface.
  • Inspecting logs of the model quantization engine for suspicious GGUF file uploads or unexpected model layer creations.
  • Using file integrity monitoring or scanning tools to detect anomalous GGUF files.

Specific commands are not provided in the available resources.

Impact Analysis

This vulnerability can lead to exposure of sensitive data stored in the server's heap memory.

An attacker could use the disclosed information to further compromise the system.

It also enables stealthy persistence, allowing attackers to maintain unauthorized access without detection.

Compliance Impact

The vulnerability allows unauthenticated remote attackers to read and exfiltrate heap memory from the server, potentially exposing sensitive data. This exposure of sensitive data could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of personal and sensitive information against unauthorized access and disclosure.

Since the vulnerability can result in sensitive data exposure and further system compromise, organizations using the affected software may face increased risk of violating these standards if the vulnerability is exploited.

Interim mitigations such as restricting model upload functionality, limiting deployments to trusted environments, and accepting models only from verified sources are recommended to reduce the risk and help maintain compliance.

Mitigation Strategies

Immediate mitigation steps include restricting or disabling access to the model upload functionality, especially in untrusted environments.

  • Limit deployments of the Ollama model quantization engine to trusted networks only.
  • If model uploads are necessary, ensure that only trusted sources are allowed to upload models.
  • Implement additional validation controls on uploaded GGUF files to prevent out-of-bounds memory access.

As of the report, no patch is available and the vendor has not been reached for coordination.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5757. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart