VYPR
advisoryPublished Jul 8, 2026· 1 source

Ollama Suffers Zero-Day Denial-of-Service Vulnerability

A critical denial-of-service vulnerability (ZDI-26-403) in Ollama allows unauthenticated remote attackers to crash the application by exploiting improper validation of array indexes in the downloadBlob function.

A critical denial-of-service (DoS) vulnerability, tracked as ZDI-26-403, has been discovered in the popular open-source platform Ollama, which simplifies running large language models locally. The flaw, identified by Nicholas Zubrisky of Trend Research and reported by the Zero Day Initiative (ZDI), allows unauthenticated remote attackers to crash affected Ollama installations.

The vulnerability stems from an improper validation of array indexes within the downloadBlob function. This oversight allows an attacker to send specially crafted input that leads to a memory access beyond the bounds of an allocated array. Successful exploitation of this weakness can result in a denial-of-service condition, rendering the Ollama service unavailable.

The Zero Day Initiative has assigned this vulnerability a CVSS score of 7.5, classifying it as high severity. The lack of authentication requirement significantly lowers the barrier to exploitation, making it a concerning threat for users running Ollama. The vulnerability was initially reported to the vendor on May 28, 2025, with ZDI following up on July 4, 2025, and ultimately notifying the vendor of their intent to publish as a zero-day advisory on September 9, 2025.

Given the nature of the vulnerability, which allows for remote crashing of the service, the primary mitigation strategy recommended by ZDI is to restrict network access to the Ollama service. Users should ensure that only trusted networks and individuals can interact with the Ollama installation to prevent potential exploitation.

Ollama is widely used by developers and AI enthusiasts to run various large language models on their local machines, enabling offline use and greater control over AI deployments. The widespread adoption of Ollama means that this vulnerability could affect a significant number of users who may not be aware of the potential for remote disruption.

This disclosure highlights the ongoing challenges in securing rapidly evolving open-source software, particularly in the burgeoning field of local AI model deployment. As more users adopt tools like Ollama, the security of these platforms becomes increasingly critical to protect against disruption and potential misuse.

The coordinated public release of the advisory occurred on July 8, 2026, following the vendor's inability to provide a timely patch. This timeline underscores the importance of proactive security practices and the potential risks associated with using software that has unaddressed vulnerabilities.

Users are advised to monitor for any official patches or security updates from the Ollama project and to implement network segmentation and access controls as a precautionary measure until a fix is available.

Synthesized by Vypr AI