CVE-2026-5757: CWE-125 Out-of-bounds Read in Ollama AI Ollama
CVE-2026-5757 is an unauthenticated remote information disclosure vulnerability in the Ollama AI Ollama product's model quantization engine. It allows an attacker to read and exfiltrate the server's heap memory, potentially exposing sensitive data and enabling further compromise or stealthy persistence. The vulnerability affects version 0.13.5 of Ollama. No official patch or remediation guidance is currently available from the vendor or CERT advisories. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-5757) involves an out-of-bounds read (CWE-125) in the model quantization engine of Ollama AI's Ollama product. An unauthenticated attacker can remotely exploit this flaw to read the server's heap memory, potentially disclosing sensitive information. The vulnerability also relates to use-after-free (CWE-416) and improper authentication (CWE-306) weaknesses. The affected version is exactly 0.13.5. No CVSS score or vendor remediation level is provided, and no patch links are available. The CERT advisories linked do not specify any fix or mitigation steps.
Potential Impact
Successful exploitation can lead to unauthorized disclosure of sensitive data from the server's heap memory. This may facilitate further system compromise and enable stealthy persistence by attackers. The vulnerability is exploitable remotely without authentication, increasing its risk. However, no known active exploits have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation is currently documented, users should monitor the vendor's advisories for updates. Until a patch is available, restricting network access to the affected service and applying defense-in-depth controls may reduce exposure.
Technical Details
- Data Version: 5.2
- Assigner Short Name: certcc
- Date Reserved: 2026-04-07T16:59:20.290Z
- CVSS Version: null
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory URLs: https://kb.cert.org/vuls/id/518910 (CERT); https://www.kb.cert.org/vuls/id/518910 (CERT)
Threat ID: 6a3ea39f6e08203f7db8ff95
Added to database: 06/26/2026, 16:06:55 UTC
Last enriched: 06/26/2026, 16:22:18 UTC
Last updated: 06/26/2026, 16:22:18 UTC