There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine
Summary
| CVE | CVE-2026-5757 |
|---|---|
| State | PUBLISHED |
| Assigner | certcc |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-26 16:16:36 UTC |
| Updated | 2026-06-26 16:16:36 UTC |
| Description | Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence. |
Risk And Classification
Problem Types: CWE-125 Out-of-bounds Read | CWE-416 Use After Free | CWE-306 Missing Authentication for Critical Function
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| kb.cert.org/vuls/id/518910 | [email protected] | kb.cert.org | |
| ollama.com | [email protected] | ollama.com | |
| www.kb.cert.org/vuls/id/518910 | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.