CVE Catalog

CVE-2026-5757

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.46%

37th percentile — higher than 37% of all known CVEs

Summary

An unauthenticated remote attacker can read and exfiltrate the heap memory of the Ollama server through the model quantization engine, leading to sensitive data exposure.

Risk Assessment

The risk includes leakage of sensitive information such as keys, tokens, or user data, potentially enabling further attacks and stealthy persistence on the system.

Recommendation

Immediately update Ollama to the latest patched version and restrict server access to trusted networks only.

Original NVD description (English source)

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS