CVE-2026-5757
Received Received - Intake
Unauthenticated Remote Information Disclosure in Ollama Model Quantization Engine

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: CERT/CC

Description
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-5757
EUVD
EUVD-2026-39786
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ollama model_quantization_engine *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5757 is an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine.

An attacker can exploit this vulnerability by uploading a specially crafted GGUF file to the model upload interface, which lacks proper bounds checking.

Due to the quantization engine trusting tensor metadata from the GGUF file header without validation and using Go's unsafe.Slice, the attacker can cause out-of-bounds memory access into the server's heap memory.

This allows the attacker to read and exfiltrate sensitive data from the server's heap memory.

The leaked data is then processed and written into a new model layer, which can be pushed to an attacker-controlled server via Ollama's registry API, effectively exfiltrating the memory contents.

Impact Analysis

This vulnerability can lead to exposure of sensitive data stored in the server's heap memory.

An attacker could use the disclosed information to further compromise the system.

It also enables stealthy persistence, allowing attackers to maintain unauthorized access without detection.

Detection Guidance

This vulnerability involves an attacker uploading a specially crafted GGUF file to the model upload interface to read and exfiltrate heap memory. Detection would focus on monitoring and analyzing uploads to the model quantization engine, especially GGUF files.

Suggested detection approaches include:

  • Monitoring network traffic for unusual or unauthorized uploads to the model upload interface.
  • Inspecting logs of the model quantization engine for suspicious GGUF file uploads or unexpected model layer creations.
  • Using file integrity monitoring or scanning tools to detect anomalous GGUF files.

Specific commands are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include restricting or disabling access to the model upload functionality, especially in untrusted environments.

  • Limit deployments of the Ollama model quantization engine to trusted networks only.
  • If model uploads are necessary, ensure that only trusted sources are allowed to upload models.
  • Implement additional validation controls on uploaded GGUF files to prevent out-of-bounds memory access.

As of the report, no patch is available and the vendor has not been reached for coordination.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5757. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart