CVE-2026-5757

Name of the Vulnerable Software and Affected Versions Ollama (affected versions not specified)

Description An out-of-bounds heap read/write issue exists in the GGUF model quantization engine. An attacker can exploit this by uploading a specially crafted GPT-Generated Unified Format (GGUF) file to the model upload interface. Because the quantization engine lacks proper bounds checking and trusts tensor metadata, it can be triggered to read beyond intended memory boundaries, allowing unauthenticated remote exfiltration of sensitive heap memory from the server. This may lead to unauthorized data access, system compromise, and stealthy persistence.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.