{"api_version":"1","generated_at":"2026-06-26T18:57:29+00:00","cve":"CVE-2026-5757","urls":{"html":"https://cve.report/CVE-2026-5757","api":"https://cve.report/api/cve/CVE-2026-5757.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-5757","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-5757"},"summary":{"title":"There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine","description":"Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.","state":"PUBLISHED","assigner":"certcc","published_at":"2026-06-26 16:16:36","updated_at":"2026-06-26 16:16:36"},"problem_types":["CWE-125 Out-of-bounds Read","CWE-416 Use After Free","CWE-306 Missing Authentication for Critical Function"],"metrics":[],"references":[{"url":"https://kb.cert.org/vuls/id/518910","name":"https://kb.cert.org/vuls/id/518910","refsource":"cret@cert.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://ollama.com","name":"https://ollama.com","refsource":"cret@cert.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.kb.cert.org/vuls/id/518910","name":"https://www.kb.cert.org/vuls/id/518910","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-5757","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5757","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Ollama AI","product":"Ollama","version":"affected v0.13.5","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2026-06-26T15:52:23.093Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://www.kb.cert.org/vuls/id/518910"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"Ollama","vendor":"Ollama AI","versions":[{"status":"affected","version":"v0.13.5"}]}],"descriptions":[{"lang":"en","value":"Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence."}],"problemTypes":[{"descriptions":[{"description":"CWE-125 Out-of-bounds Read","lang":"en"}]},{"descriptions":[{"description":"CWE-416 Use After Free","lang":"en"}]},{"descriptions":[{"description":"CWE-306 Missing Authentication for Critical Function","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-06-26T15:15:28.464Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"url":"https://kb.cert.org/vuls/id/518910"},{"url":"https://ollama.com"}],"source":{"discovery":"UNKNOWN"},"title":"There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine","x_generator":{"engine":"VINCE 3.0.43","env":"prod","origin":"https://cveawg.mitre.org/api/cve/CVE-2026-5757"}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2026-5757","datePublished":"2026-06-26T15:15:28.464Z","dateReserved":"2026-04-07T16:59:20.290Z","dateUpdated":"2026-06-26T15:52:23.093Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-26 16:16:36","lastModifiedDate":"2026-06-26 16:16:36","problem_types":["CWE-125 Out-of-bounds Read","CWE-416 Use After Free","CWE-306 Missing Authentication for Critical Function"],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"5757","Ordinal":"1","Title":"There exists an unauthenticated remote information disclosure vu","CVE":"CVE-2026-5757","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"5757","Ordinal":"1","NoteData":"Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.","Type":"Description","Title":"There exists an unauthenticated remote information disclosure vu"}]}}}