Another AI service that's dangerous when exposed to the internet?
-
Another AI service that's dangerous when exposed to the internet? Well I never!
Anyway go check for exposed Ollama endpoints.
Unauthenticated Memory Leak in Ollama (CVE-2026-7482)
Details: Cyera disclosed a heap out-of-bounds read issue that exists in Ollama (before 0.17.1). This can be exploited to access sensitive information stored on the heap, including prompts, messages, and environment vari…
IFIN (discourse.ifin.network)
-
As a chaser, here are two other CVEs on Ollama from yesterday.
CVE-2026-42248, CVE-2026-42249: Ollama on Windows doesn't verify updates, writes anywhere
Oh cool Ollama on Windows has unpatched vulnerabilities that lead to Ollama downloading unverified updates from a malicious URL if set locally, and also a path traversal vulnerability leads to arbitrary file write. CVE-…
IFIN (discourse.ifin.network)