PT-2026-35911 · Ollama · Ollama

Bartłomiej Dmitruk · Published 2026-04-29 · Updated 2026-05-10

CVE-2026-42248 · CVSS v4.0 7.7 (High)

Vector AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions

Ollama for Windows versions 0.12.10 through 0.17.5
Description

Ollama for Windows does not verify the integrity or authenticity of the update executables it downloads. The Windows update verification routine unconditionally returns success, so digital signature and trust validation is bypassed before an update payload is staged or executed, and any executable delivered to the updater is accepted and run. Because the application updates itself silently, an attacker who can supply or substitute the update payload (the CVSS vector rates the attack vector as adjacent, with attack requirements present) can have malicious code installed without the user's awareness.
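The defect class described above, as an added Go example that is not Ollama's code: a verification hook that ignores its inputs and reports success, beside a verifier that pins the publisher's key at build time and accepts a payload only if a detached Ed25519 signature over the payload's SHA-256 digest checks out under that key. The function and type names, the Ed25519 scheme, and the payload bytes are assumptions made for illustration; Ollama's real updater, Authenticode and the Windows trust APIs are not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// All names here are hypothetical stand-ins for a Windows updater's
// verification hook; they are not Ollama's code.

// verifyUpdateVulnerable reproduces the defect class in the advisory: the
// routine that is supposed to check the downloaded executable ignores its
// inputs and reports success, so any bytes the downloader fetched are trusted.
func verifyUpdateVulnerable(payload, signature []byte) error {
	return nil
}

// ErrUntrustedUpdate is returned for any payload that is not provably from the
// pinned publisher key, whether it was swapped, tampered with, or re-signed by
// someone else.
var ErrUntrustedUpdate = errors.New("update payload failed signature verification")

// UpdateVerifier holds a publisher public key pinned into the binary at build
// time. Nothing fetched over the update channel can influence that key.
type UpdateVerifier struct {
	publisherKey ed25519.PublicKey
}

// Verify accepts a payload only when signature is a valid Ed25519 signature,
// under the pinned key, over the payload's SHA-256 digest. Hashing first keeps
// the signed message small and lets a caller stream a large installer.
func (v UpdateVerifier) Verify(payload, signature []byte) error {
	if len(v.publisherKey) != ed25519.PublicKeySize {
		// Fail closed: a missing key must never degrade to "accept".
		return errors.New("no publisher key pinned; refusing to trust update")
	}
	if len(signature) != ed25519.SignatureSize {
		return ErrUntrustedUpdate
	}
	digest := sha256.Sum256(payload)
	if !ed25519.Verify(v.publisherKey, digest[:], signature) {
		return ErrUntrustedUpdate
	}
	return nil
}

// signUpdate is the release pipeline's half: sign the digest with the
// publisher's private key, which never ships in the client.
func signUpdate(priv ed25519.PrivateKey, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	return ed25519.Sign(priv, digest[:])
}

// Outcome records which payloads each verifier accepted.
type Outcome struct {
	VulnerableAcceptsForged bool // the advisory's behaviour
	HardenedAcceptsGenuine  bool // must be true or updates never install
	HardenedAcceptsForged   bool // attacker's binary with the genuine signature
	HardenedAcceptsTampered bool // genuine binary with one byte flipped
	HardenedAcceptsWrongKey bool // attacker's binary signed with attacker's key
}

// RunScenario exercises both verifiers against constructed payload bytes that
// stand in for a real installer; no files are downloaded or executed.
func RunScenario() (Outcome, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}

	genuine := []byte("constructed stand-in for the vendor's installer bytes")
	forged := []byte("constructed stand-in for an attacker-supplied executable")
	tampered := append([]byte(nil), genuine...)
	tampered[0] ^= 0x01

	genuineSig := signUpdate(priv, genuine)
	attackerSig := signUpdate(attackerPriv, forged)
	v := UpdateVerifier{publisherKey: pub}

	return Outcome{
		VulnerableAcceptsForged: verifyUpdateVulnerable(forged, attackerSig) == nil,
		HardenedAcceptsGenuine:  v.Verify(genuine, genuineSig) == nil,
		HardenedAcceptsForged:   v.Verify(forged, genuineSig) == nil,
		HardenedAcceptsTampered: v.Verify(tampered, genuineSig) == nil,
		HardenedAcceptsWrongKey: v.Verify(forged, attackerSig) == nil,
	}, nil
}

func main() {
	out, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

The point of the contrast is the fail-closed shape of the hardened routine: every path that is not a successful verification under the pinned key returns an error, including a missing key, a malformed signature, and a valid signature from the wrong key. A real updater would also bind the signed digest to the expected version so an attacker cannot replay an older, validly signed installer.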
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. Until a fixed build is published, the affected versions should not be run where an adjacent attacker could influence update traffic, and any installer obtained manually should have its publisher signature checked before it is executed.

Weakness Enumeration

Related Identifiers

CVE-2026-42248

Affected Products

Ollama