Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft

A critical unauthenticated heap out-of-bounds vulnerability (CVE-2026-7482), dubbed Bleeding Llama, affects roughly 300,000 internet-exposed Ollama deployments and can leak sensitive heap data such as prompts, messages, environment variables, and API keys. Attackers can exploit the GGUF model loader and use Ollama’s model push feature to exfiltrate stolen data with only three unauthenticated API calls, so organizations must update to Ollama 0.17.1 and restrict network access. #Ollama #BleedingLlama

Keypoints

  • CVE-2026-7482 is a heap out-of-bounds read in Ollama’s GGUF model loader.
  • The flaw can expose prompts, messages, environment variables, API keys, tokens, and other secrets.
  • An attacker can exfiltrate heap data via Ollama’s model push feature using only three unauthenticated API calls.
  • Ollama launches without authentication by default and listens on all interfaces, leaving ~300,000 instances reachable from the internet.
  • Organizations should upgrade to Ollama 0.17.1, restrict network access, deploy an authentication proxy, segment networks, and audit exposed instances.
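The last two key points describe what a defender has to check on each deployment: is the running version older than 0.17.1, and is the server listening on all interfaces rather than loopback. The script below is an added example (not code from Ollama or from the SecurityWeek article) that turns both checks into an audit helper. It assumes that Ollama's `GET /api/version` endpoint returns JSON of the form `{"version": "x.y.z"}`, that the bind address is taken from the `OLLAMA_HOST` environment variable, and that the default when it is unset is `127.0.0.1:11434`; the sample responses in the test are constructed.

```python
"""Audit helper for the Ollama heap out-of-bounds read (CVE-2026-7482).

Added example, not Ollama's or the article's own code. Assumptions:
- GET /api/version on an Ollama server returns JSON like {"version": "0.17.0"}.
- Ollama reads its listen address from OLLAMA_HOST and defaults to
  127.0.0.1:11434 when the variable is unset.
"""
import json
import re
import sys
from urllib.request import urlopen

FIXED_VERSION = "0.17.1"  # release named in the advisory as carrying the fix
DEFAULT_PORT = 11434      # assumed Ollama default port


def parse_version(text):
    """Turn '0.17.1' or 'v0.17.1-rc2' into a tuple of ints that compares correctly."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(version_json):
    """True when the version reported by /api/version predates the fixed release."""
    reported = json.loads(version_json)["version"]
    return parse_version(reported) < parse_version(FIXED_VERSION)


def bind_exposure(ollama_host):
    """Classify an OLLAMA_HOST value as 'loopback', 'all-interfaces' or 'other'."""
    if not ollama_host:
        return "loopback"  # assumed default: 127.0.0.1:11434
    host = re.sub(r"^https?://", "", ollama_host.strip())
    if host.startswith("["):            # bracketed IPv6 literal, e.g. [::]:11434
        host = host[1:host.index("]")]
    else:
        host = host.split(":")[0]       # drop an optional :port suffix
    if host in ("0.0.0.0", "::", ""):   # ":11434" alone also binds every interface
        return "all-interfaces"
    if host in ("127.0.0.1", "localhost", "::1"):
        return "loopback"
    return "other"


def audit(version_json, ollama_host):
    """Return a list of findings for one deployment; an empty list means nothing to fix."""
    findings = []
    if is_vulnerable_version(version_json):
        findings.append(f"version below {FIXED_VERSION}: upgrade")
    exposure = bind_exposure(ollama_host)
    if exposure == "all-interfaces":
        findings.append("listening on all interfaces: restrict network access "
                        "or place an authentication proxy in front")
    elif exposure == "other":
        findings.append("listening on a non-loopback address: confirm only "
                        "trusted networks can reach it")
    return findings


def fetch_version_json(base_url, timeout=5):
    """Query a live server you administer; assumes the /api/version endpoint."""
    with urlopen(f"{base_url.rstrip('/')}/api/version", timeout=timeout) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # Usage: python audit_ollama.py http://127.0.0.1:11434 [OLLAMA_HOST value]
    url = sys.argv[1] if len(sys.argv) > 1 else f"http://127.0.0.1:{DEFAULT_PORT}"
    host_setting = sys.argv[2] if len(sys.argv) > 2 else ""
    for finding in audit(fetch_version_json(url), host_setting) or ["no findings"]:
        print(finding)
```

Run it against each inventoried instance with the value of `OLLAMA_HOST` from that host's service definition; a deployment that reports no findings is on 0.17.1 or later and reachable only over loopback, which is the end state the key points above describe.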

Read More: https://www.securityweek.com/critical-bug-could-expose-300000-ollama-deployments-to-information-theft/