Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

I responsibly disclosed 5 vulnerabilities in Ollama and LiteLLM through Huntr - now publicly disclosed after 90 days

0
Medium
Security-toolcybersecurityreddit
Published: 07/04/2026 (07/04/2026, 02:19:25 UTC)
Source: Reddit Cybersecurity

Description

Five vulnerabilities were responsibly disclosed in Ollama and LiteLLM after a 90-day coordinated disclosure period. In Ollama, vulnerabilities include a GGUF string length panic causing a denial of service and an unbounded vocab_size resource exhaustion leading to excessive CPU and memory use. In LiteLLM, issues include a Pass-the-Hash authentication bypass, an SSRF vulnerability via custom guardrails, and a Unicode normalization flaw that could enable sandbox escape. These vulnerabilities stem from overlooked areas in AI infrastructure such as model parsing, resource controls, authentication, network boundaries, and Unicode handling. The disclosures include technical details, root cause analyses, and proof-of-concept exploits for educational and defensive use.

Reddit Discussion

r/cybersecurity·posted by u/rothackers
00

Over the past few months, I conducted security research on Ollama and LiteLLM and reported several vulnerabilities through Huntr's coordinated vulnerability disclosure program.

Following the standard 90 day disclosure period, the findings have now been publicly disclosed.

The research resulted in five reported vulnerabilities. In Ollama, I identified a GGUF String Length Panic vulnerability that could lead to denial of service, as well as an unbounded vocab_size resource exhaustion issue that could cause excessive memory and CPU consumption. In LiteLLM, I reported a Pass-the-Hash authentication bypass, an SSRF vulnerability through custom guardrails, and a Unicode normalization issue that could lead to sandbox escape scenarios. What stood out during this research was how many impactful security issues originated from areas that are often overlooked in AI infrastructure, including model parsing and conversion pipelines, resource allocation controls, authentication logic, network trust boundaries, and Unicode normalization edge cases.

The repositories contain technical details, root cause analyses, proof of concepts, impact assessments, remediation recommendations, and links to the published Huntr disclosures.

Ollama research:

https://github.com/regaan/ollama-security-research

LiteLLM research:

https://github.com/regaan/litellm-vulnerability-research

All research was conducted and disclosed responsibly. The published material is intended strictly for educational, defensive, and research purposes. I am happy to answer questions about the disclosure process, research methodology, root cause analysis, or AI and LLM security in general.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/04/2026, 02:21:26 UTC

Technical Analysis

Security research identified five vulnerabilities in Ollama and LiteLLM, disclosed after 90 days via Huntr. Ollama's vulnerabilities include a GGUF parser panic triggered by an attacker-controlled 64-bit string length field without proper bounds checking, causing a runtime panic and service crash (denial of service). Another Ollama issue involves an unbounded vocab_size parameter used during model conversion, allowing attackers to cause excessive memory and CPU consumption, leading to resource exhaustion and host instability. LiteLLM vulnerabilities include a Pass-the-Hash authentication bypass, an SSRF vulnerability through custom guardrails, and a Unicode normalization issue that could lead to sandbox escape scenarios. The research highlights security risks in AI model handling, resource allocation, authentication logic, network trust boundaries, and Unicode edge cases. Technical repositories provide detailed analyses, proof-of-concept code, and remediation suggestions.

Potential Impact

The vulnerabilities in Ollama can cause remote denial of service through service crashes and resource exhaustion, potentially leading to complete loss of availability and host instability. LiteLLM's vulnerabilities include authentication bypass, which could allow unauthorized access, SSRF attacks that may enable internal network access, and sandbox escape risks that could compromise containment mechanisms. These impacts affect the confidentiality, integrity, and availability of the affected AI infrastructure components.

Mitigation Recommendations

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The disclosures include remediation recommendations; users and administrators should review the published technical details and apply any available fixes or mitigations. Since these vulnerabilities were responsibly disclosed and published after a 90-day period, it is recommended to monitor the official repositories and vendor advisories for patches or updates addressing these issues. Until patches are applied, consider restricting access to vulnerable components and carefully validating inputs related to model parsing, resource parameters, authentication, and network requests.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Source Type
reddit
Subreddit
cybersecurity
Reddit Score
0
Discussion Level
minimal
Content Source
reddit_link_post
Post Type
link
Domain
null
Newsworthiness Assessment
{"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
Has External Source
true
Trusted Domain
false

Threat ID: 6a486e1d27e9c79719d46fc8

Added to database: 07/04/2026, 02:21:17 UTC

Last enriched: 07/04/2026, 02:21:26 UTC

Last updated: 07/04/2026, 03:21:11 UTC

Views: 15

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses