Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
A critical out-of-bounds read vulnerability in Ollama, codenamed 'Bleeding Llama,' could allow remote attackers to leak process memory.
A critical security vulnerability, tracked as CVE-2026-7482 and codenamed 'Bleeding Llama,' has been disclosed in the Ollama AI platform. The flaw is an out-of-bounds read vulnerability that could allow a remote, unauthenticated attacker to leak the entire process memory of an affected server [The Hacker News].
The vulnerability is considered highly severe, with a CVSS score of 9.1, and researchers estimate that it could impact over 300,000 servers globally. By exploiting this memory leak, an attacker could gain access to sensitive information held in process memory, which poses a significant risk to organizations using Ollama for their AI workloads.
Users and administrators are advised to monitor for security updates from the Ollama project. Because the vulnerability is newly disclosed, organizations should prioritize reviewing their exposure and apply patches or mitigations as soon as the vendor makes them available to prevent exploitation.