Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
Metrics
Affected Vendors & Products
References
History
Wed, 08 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-822 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Mon, 29 Jun 2026 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ollama
Ollama ollama |
|
| Vendors & Products |
Ollama
Ollama ollama |
Fri, 26 Jun 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-200 |
Fri, 26 Jun 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Fri, 26 Jun 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-200 |
Fri, 26 Jun 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence. | |
| Title | There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine | |
| References |
|
Status: PUBLISHED
Assigner: certcc
Published: 2026-06-26T15:15:28.464Z
Updated: 2026-06-26T18:38:23.503Z
Reserved: 2026-04-07T16:59:20.290Z
Link: CVE-2026-5757
Updated: 2026-06-26T15:52:23.093Z
No data.