CVE-2026-5757
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk37th percentile — higher than 37% of all known CVEs
Summary
An unauthenticated remote attacker can read and exfiltrate the heap memory of the Ollama server through the model quantization engine, leading to sensitive data exposure.
Risk Assessment
The risk includes leakage of sensitive information such as keys, tokens, or user data, potentially enabling further attacks and stealthy persistence on the system.
Recommendation
Immediately update Ollama to the latest patched version and restrict server access to trusted networks only.
Original NVD description (English source)
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.

