Ollama, a popular open-source framework for running large language models (LLMs) locally, has been hit by a critical security vulnerability that could expose sensitive data. The vulnerability, dubbed 'Bleeding Llama' by Cyera, allows a remote, unauthenticated attacker to leak the entire process memory of an affected server. The issue stems from an out-of-bounds read in Ollama's loader for GGUF, the file format used to store and load LLM weights and metadata. The flaw is particularly concerning because it is triggered simply by sending a specially crafted GGUF file to an exposed Ollama server, and the leaked memory can contain environment variables, API keys, system prompts, and even conversation data from concurrent users. The attack chain involves uploading the crafted GGUF file, triggering the out-of-bounds read during model creation, and then exfiltrating the data read from heap memory to an attacker-controlled server.
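To show the class of bug described above, here is an added example that is not from the Cyera write-up or from Ollama's own code: a minimal reader for GGUF-style length-prefixed strings, once in a form that trusts the length field written in the file and once with the bounds check a loader needs. The simplified header layout, the key name, the "secret" placed right after the file in the same heap block (standing in for another user's data), and the function names are all constructed for this demo; real GGUF has more fields and fixed little-endian integers, whereas this code writes host-endian values.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Simplified GGUF-like layout (an assumption for illustration):
 *   "GGUF" | u32 version | u64 tensor_count | u64 kv_count | u64 key_len | key bytes ...
 */
#define HEADER_LEN 24
#define KEY    "general.name"
#define SECRET "API_KEY=sk-constructed-0000"  /* constructed stand-in for adjacent heap data */

typedef struct {
    const uint8_t *data;  /* start of the uploaded file in memory */
    size_t len;           /* number of bytes actually received */
    size_t pos;           /* read cursor */
} reader_t;

static int read_u64(reader_t *r, uint64_t *out) {
    if (r->pos > r->len || r->len - r->pos < 8) return -1;
    memcpy(out, r->data + r->pos, 8);
    r->pos += 8;
    return 0;
}

/* Vulnerable pattern: the declared length is capped to the output buffer but never
 * to the bytes actually present, so memcpy walks past the end of the file into
 * whatever the heap holds next. */
static size_t read_string_trusting(reader_t *r, char *out, size_t outcap) {
    uint64_t n;
    if (read_u64(r, &n) != 0) return 0;
    if (n > outcap - 1) n = outcap - 1;
    memcpy(out, r->data + r->pos, (size_t)n);
    out[n] = '\0';
    r->pos += (size_t)n;
    return (size_t)n;
}

/* Hardened: a declared length larger than the remaining input marks a malformed
 * file and is rejected before any copy happens. */
static int read_string_checked(reader_t *r, char *out, size_t outcap, size_t *outlen) {
    uint64_t n;
    if (read_u64(r, &n) != 0) return -1;
    if (n > r->len - r->pos) return -1;   /* length field overshoots the file */
    if (n > outcap - 1) return -1;        /* and must also fit the destination */
    memcpy(out, r->data + r->pos, (size_t)n);
    out[n] = '\0';
    r->pos += (size_t)n;
    *outlen = (size_t)n;
    return 0;
}

/* One heap block: the crafted file, immediately followed by SECRET, which plays the
 * role of another user's data sitting next to the upload. *file_len is the length
 * the server really received; SECRET is not part of it. */
static uint8_t *build_arena(uint64_t declared_len, size_t *file_len) {
    size_t keylen = strlen(KEY), seclen = strlen(SECRET);
    *file_len = HEADER_LEN + 8 + keylen;
    uint8_t *p = malloc(*file_len + seclen);
    if (!p) return NULL;
    uint8_t *w = p;
    uint32_t version = 3;
    uint64_t tensors = 0, kvs = 1;
    memcpy(w, "GGUF", 4);        w += 4;
    memcpy(w, &version, 4);      w += 4;
    memcpy(w, &tensors, 8);      w += 8;
    memcpy(w, &kvs, 8);          w += 8;
    memcpy(w, &declared_len, 8); w += 8;     /* attacker-controlled length field */
    memcpy(w, KEY, keylen);      w += keylen;
    memcpy(w, SECRET, seclen);               /* adjacent heap data, outside the file */
    return p;
}

/* Parse with the trusting reader; returns 1 if the parsed "key" now contains SECRET. */
int trusting_parser_leaks(void) {
    size_t flen;
    uint64_t declared = (uint64_t)(strlen(KEY) + strlen(SECRET));  /* overshoots the file */
    uint8_t *arena = build_arena(declared, &flen);
    if (!arena) return 0;
    reader_t r = { arena, flen, HEADER_LEN };
    char key[256];
    (void)read_string_trusting(&r, key, sizeof key);
    int leaked = strstr(key, "sk-constructed") != NULL;
    free(arena);
    return leaked;
}

/* Parse with the checked reader; returns 0 and fills key on success, -1 on rejection. */
int checked_parser_result(uint64_t declared_len, char *key, size_t cap) {
    size_t flen, n;
    uint8_t *arena = build_arena(declared_len, &flen);
    if (!arena) return -1;
    reader_t r = { arena, flen, HEADER_LEN };
    int rc = read_string_checked(&r, key, cap, &n);
    free(arena);
    return rc;
}

int main(void) {
    char key[256];
    printf("trusting reader leaks adjacent heap data: %s\n",
           trusting_parser_leaks() ? "yes" : "no");
    int rc = checked_parser_result(strlen(KEY), key, sizeof key);
    printf("checked reader, honest length:    rc=%d key=%s\n", rc, key);
    rc = checked_parser_result(1000, key, sizeof key);
    printf("checked reader, oversized length: rc=%d\n", rc);
    return 0;
}
```

The trusting reader produces a "key" that carries the secret out of the parser; in a real server that string would flow into an error message, a log line, or a model-metadata response, which is the exfiltration step. The fix is the single comparison against the bytes remaining in the input, applied to every length field the file controls, not only the first one.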
This isn't the only security concern with Ollama. Researchers at Striga have also uncovered two vulnerabilities in Ollama's Windows update mechanism that can be chained into persistent code execution. These flaws, tracked as CVE-2026-42248 and CVE-2026-42249, remain unpatched and can be exploited by an attacker with control over the update server. Chained together, they let the attacker run arbitrary code on the victim's Windows machine at every login, a significant risk to users.
The implications of these vulnerabilities are far-reaching. As Cyera security researcher Dor Attias points out, an attacker can gain access to sensitive information such as API keys, proprietary code, and customer contracts. This is especially concerning given that Ollama is often integrated with tools like Claude Code, which further amplifies the potential impact of an attack. To mitigate these risks, users are advised to apply the latest fixes, limit network access, audit running instances for internet exposure (Ollama's API listens on TCP port 11434 by default and ships with no authentication of its own), and isolate them behind a firewall. Additionally, deploying an authentication proxy or API gateway in front of the service is recommended.
These findings underline the need to stay vigilant and proactive as the threat landscape around AI tooling evolves. As organizations grow more reliant on AI technologies, it is crucial that the tools behind them are secured against malicious actors. The Ollama vulnerabilities are a reminder that widely used open-source projects carry real security exposure, and that users and developers alike must take appropriate measures to safeguard their data and systems.