CVE-2026-5530

Name of the Vulnerable Software and Affected Versions Ollama versions up to 18.1

Description A flaw exists in Ollama up to version 18.1 related to the processing of the server/download.go file within the Model Pull API component. This can lead to a server-side request forgery (SSRF) attack, which can be launched remotely. The vendor was contacted but did not respond.

Recommendations Versions prior to 18.2 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.