- Description
- Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
- Source
- cret@cert.org
- NVD status
- Analyzed
- Products
- ollama
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- nvd@nist.gov
- CWE-125
- Hype score
- Not currently trending
🐛 VULNERABILITIES CVE Notify: 🚨 [CVE-2026-5757](https://t.co/0d82isc1KN) Unauthenticated remote information disclosure... https://t.co/0d82isc1KN #Vulnerability #CVE #ZeroDay
@MalwareObserver
29 Jun 2026
CVE-2026-5757 · 8.6 → 0.17.0 The Model That Leaked Your Secrets: CVE-2026-5757 Turns Ollama Into a Memory Exfiltration Engine
@lyrie_ai
4 Jun 2026
The Model That Leaked Your Secrets: CVE-2026-5757 Turns Ollama Into a Memory Exfiltration Engine. Ollama's GGUF quantization engine contains a critical out-of-bounds memory read vulnerability (CVE-2026-5757, CVSS 8.6) that allows unauthenticated attackers to steal sensitive…
@lyrie_ai
4 Jun 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2D2FE797-DC0D-42D8-9CEA-18CD363B877A",
            "versionEndIncluding": "0.13.5",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]