Vibe Coding
Bleeding Llama: CVE-2026-7482 Exposes 300K Ollama Servers to Unauthenticated Memory Exfiltration
Cyera Research disclosed CVE-2026-7482 (CVSS 9.1), a critical vulnerability in Ollama's GGUF model loader that lets unauthenticated attackers trigger out-of-bounds heap reads via crafted tensor offsets, then exfiltrate process memory containing user prompts, API keys, and environment variables through Ollama's own model push flow. Patched in Ollama 0.17.1. Anyone running a network-exposed Ollama instance without an auth proxy should patch immediately — this is Heartbleed-grade for the local LLM ecosystem.
↳ Follow the thread