CVE-2026-5757 | Unauthenticated remote information disclosure vulnerability … | CVSS 7.5 HIGH

Description

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.

Metadata

CVE ID: CVE-2026-5757
State: PUBLISHED
Assigner: certcc
Reserved: 2026-04-07 16:59 UTC
Published: 2026-06-26 15:15 UTC
Last updated: 2026-06-26 18:38 UTC
Vendor / Product: Ollama AI / Ollama
Sources: cve.org · NVD

Severity & Metrics

7.5 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Ollama AI	Ollama	—	v0.13.5

Weakness (CWE)

CWE	Source	Description
—	cna	CWE-125 Out-of-bounds Read
—	cna	CWE-416 Use After Free
—	cna	CWE-306 Missing Authentication for Critical Function

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.5	HIGH	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (2)