Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-5757— There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine

AI Predicted 9.8 Difficulty: Moderate EPSS 0.55% · P42

Affected Version Matrix 1

VendorProductVersion RangeStatus
Ollama AIOllamav0.13.5affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-5757

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine
Source: NVD (National Vulnerability Database)
Vulnerability Description
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ollama AI Ollama 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ollama AI Ollama是Ollama AI的一款本地运行大语言模型的框架。 Ollama AI Ollama v0.13.5版本存在安全漏洞,该漏洞源于模型量化引擎问题,可能导致未经身份验证的攻击者远程读取和泄露服务器堆内存,敏感数据泄露、进一步破解和隐蔽持久化。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Ollama AIOllama v0.13.5 -

II. Public POCs for CVE-2026-5757

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-5757

登录查看更多情报信息。

Vendor Advisories for CVE-2026-5757 (1)

Vendor Pages for CVE-2026-5757 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-5757

No comments yet


Leave a comment