Ollama Patches Critical Out-of-Bounds Read Vulnerability in v0.17.1; Unpatched Windows Flaws Remain in Older Versions
A critical out-of-bounds read vulnerability has been identified and patched in Ollama, the popular open-source large language model inference engine. Tracked as CVE-2026-7482 and addressed in version 0.17.1, the flaw could allow attackers to leak sensitive data—including API keys, prompts, and chat history—from exposed servers by serving crafted GGUF files. Security researchers disclosed the vulnerability through standard channels, prompting the emergency patch.
The issue stems from insufficient bounds checking when Ollama processes GGUF (GPT-Generated Unified Format) files, which are used to package model weights and metadata. An attacker capable of supplying a maliciously crafted GGUF file to a target server could trigger the out-of-bounds read, potentially exposing credentials and conversational data in memory. Servers directly accessible over networks face the highest risk, particularly those running unpatched Ollama instances.
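The kind of check this paragraph describes, shown as an added Go example (not Ollama's code, and not a reconstruction of the patched function): every count and length read from a GGUF file is compared with the bytes actually present before it is used. The 24-byte little-endian header layout follows the public GGUF specification; the function names and the sample buffer are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const headerSize = 24 // magic(4) + version(4) + tensor_count(8) + metadata_kv_count(8)
var ErrBounds = errors.New("gguf: declared size exceeds available data")

// ParseHeader checks the magic and rejects a pair count the buffer cannot hold.
func ParseHeader(buf []byte) (kvCount uint64, err error) {
	if len(buf) < headerSize || string(buf[:4]) != "GGUF" {
		return 0, errors.New("gguf: bad magic or short header")
	}
	kvCount = binary.LittleEndian.Uint64(buf[16:24])
	// Each pair needs at least a key length (8), a value type (4) and 1 value byte.
	if kvCount > uint64(len(buf)-headerSize)/13 {
		return 0, ErrBounds
	}
	return kvCount, nil
}

// ReadString reads a length-prefixed string at off; the file-supplied length is checked first.
func ReadString(buf []byte, off int) (s string, next int, err error) {
	if off < 0 || len(buf)-off < 8 {
		return "", 0, ErrBounds
	}
	n := binary.LittleEndian.Uint64(buf[off : off+8])
	if n > uint64(len(buf)-off-8) { // compared as uint64, so a huge n cannot wrap
		return "", 0, ErrBounds
	}
	return string(buf[off+8 : off+8+int(n)]), off + 8 + int(n), nil
}

// buildSample returns a constructed buffer: v3 header, one pair, key "demo.enabled" declared as keyLen bytes.
func buildSample(keyLen uint64) []byte {
	b := make([]byte, 32, 64)
	copy(b, "GGUF")
	binary.LittleEndian.PutUint32(b[4:], 3)
	binary.LittleEndian.PutUint64(b[16:], 1)
	binary.LittleEndian.PutUint64(b[24:], keyLen)
	return append(b, "demo.enabled\x07\x00\x00\x00\x01"...)
}

func main() {
	_, _, err := ReadString(buildSample(1<<40), headerSize)
	fmt.Println("oversized declared key length:", err)
}
```

A validator like this can run on model files before they reach the inference server, so a file whose declared sizes exceed its real length is rejected at ingest.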
Separately, researchers flagged additional unpatched vulnerabilities affecting Ollama versions 0.12.10 through 0.17.5 on Windows systems. These include weaknesses in the update mechanism that could enable persistent code execution through unsigned updates, alongside a path traversal flaw. Users running affected Windows deployments are advised to restrict network access to Ollama servers, monitor for anomalous GGUF file processing, and apply updates promptly once patches become available. The combination of a now-patched remote leak vector and lingering Windows-specific code execution risks creates a compound attack surface for operators of self-hosted AI inference infrastructure.