Gguf

vulnerabilities 2026-05-19
Ollama CVE-2026-7482 'Bleeding Llama': Heap OOB Read in GGUF Loader Leaks Server Memory to Unauthenticated Attackers
A heap out-of-bounds read in Ollama's GGUF model loader (CVE-2026-7482, CVSS 9.1) lets unauthenticated attackers exfiltrate server process memory — including API keys, env vars, system prompts, and other users' conversations — from an estimated 300,000+ exposed instances.
ollama ai-infrastructure cve-2026-7482 memory-disclosure gguf heap-overflow unauthenticated

Ollama CVE-2026-7482 'Bleeding Llama': Heap OOB Read in GGUF Loader Leaks Server Memory to Unauthenticated Attackers