Medium severity6.3NVD Advisory· Published Apr 5, 2026· Updated Apr 24, 2026

CVE-2026-5530

Description

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Ollama/Ollamainferred
Range: <=18.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vuldb.com/submit/782107nvd
vuldb.com/vuln/355283nvd
vuldb.com/vuln/355283/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000