Cybersecurity researchers have identified critical vulnerabilities in the Ollama framework, including a high-severity memory leak flaw and persistent code execution risks affecting over 300,000 servers globally.

Key Points

• The "Bleeding Llama" vulnerability (CVE-2026-7482) allows remote attackers to leak sensitive process memory, including API keys and conversation data, via a heap out-of-bounds read.
• Ollama versions prior to 0.17.1 are susceptible to the memory leak, which is triggered by uploading a specially crafted GGUF model file.
• Two additional unpatched flaws in the Ollama Windows client (CVE-2026-42248 and CVE-2026-42249) enable persistent code execution through path traversal and missing signature verification.
• The Windows vulnerabilities affect versions 0.12.10 through 0.22.0 and allow attackers to execute arbitrary code at every user login.
• Security experts recommend isolating Ollama instances behind firewalls, deploying authentication proxies, and disabling automatic updates on Windows systems to mitigate these risks.

Why it Matters

These vulnerabilities expose organizations to significant data breaches and unauthorized system access, as Ollama is widely used to run large language models locally. Because the framework lacks native authentication, these flaws provide a direct pathway for attackers to exfiltrate proprietary code, credentials, and sensitive user data from enterprise environments.