{"vulnerability": "CVE-2026-7482", "sightings": [{"uuid": "d0c2b9f9-24e6-4eac-acc4-e147e48be012", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116518353292182657", "content": "It is possible to see elevated activities targeting Ollama (CVE-2026-7482) https://vuldb.com/vuln/360957/cti", "creation_timestamp": "2026-05-04T21:09:36.083618Z"}, {"uuid": "64247d62-aaeb-43e8-8616-7f87b3f8d3f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkzuc7suqr2k", "content": "\ud83d\udd34 CVE-2026-7482 - Critical (9.1)\n\nOllama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. T...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-7482/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T14:15:35.303692Z"}, {"uuid": "7d6d1de9-cd7a-415e-a0ed-7bf5f8c0171e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkzwkpa3ak2k", "content": "CVE-2026-7482 - Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers\nCVE ID : CVE-2026-7482\n \n Published : May 4, 2026, 1:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : Ollama before 0.17.1 contains a heap out-...", "creation_timestamp": "2026-05-04T14:56:07.039873Z"}, {"uuid": "087c4e6c-d48b-48b5-a55c-3f5ec8cbd05d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://t.me/true_secator/8172", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 Bleeding Llama, \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 300 000 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0439 Ollama \u043a\u0440\u0430\u0436\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\nOllama - \u044d\u0442\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c LLM \u043d\u0430 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d\u0430\u0445, \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u0435\u0441\u044f \u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0441\u0442\u044c\u044e \u0441\u0440\u0435\u0434\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0441\u0430\u043c\u043e\u0440\u0430\u0437\u043c\u0435\u0449\u0430\u0435\u043c\u043e\u0433\u043e \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0432\u044b\u0432\u043e\u0434\u0430 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u0432 \u0418\u0418.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Cyera, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0447\u0442\u0435\u043d\u0438\u044f \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430 \u0432 Ollama \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0445\u0440\u0430\u043d\u044f\u0449\u0435\u0439\u0441\u044f \u0432 \u043a\u0443\u0447\u0435, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0438, \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0438 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u0441\u0440\u0435\u0434\u044b, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u043a\u043b\u044e\u0447\u0438 API, \u0442\u043e\u043a\u0435\u043d\u044b \u0438 \u0441\u0435\u043a\u0440\u0435\u0442\u044b.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-7482 (CVSS 9.3) \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u043c\u043e\u0434\u0435\u043b\u0435\u0439 GGUF, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c \u0444\u0430\u0439\u043b GGUF, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0439 \u043e\u0431\u044a\u044f\u0432\u043b\u0435\u043d\u043d\u043e\u0435 \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u0435 \u0442\u0435\u043d\u0437\u043e\u0440\u0430 \u0438 \u0440\u0430\u0437\u043c\u0435\u0440, \u043f\u0440\u0435\u0432\u044b\u0448\u0430\u044e\u0449\u0438\u0435 \u0434\u043b\u0438\u043d\u0443 \u0444\u0430\u0439\u043b\u0430.\n\n\u041f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0444\u0430\u0439\u043b\u0430 \u0434\u0430\u0442\u0447\u0438\u043a \u0441\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043a\u0443\u0447\u0435, \u043e\u0431\u0440\u0430\u0449\u0430\u044f\u0441\u044c \u043a \u043f\u0430\u043c\u044f\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e.\n\n\u0417\u0430\u0442\u0435\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u0443\u044e \u0432 Ollama \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0434\u043b\u044f \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 - \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u0438\u0437 \u043a\u0443\u0447\u0438 - \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c. \u0414\u043b\u044f \u0432\u0441\u0435\u0439 \u0430\u0442\u0430\u043a\u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0432\u0441\u0435\u0433\u043e \u0442\u0440\u0438 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0432\u044b\u0437\u043e\u0432\u0430 API.\n\n\u0412 Cyera \u043f\u043e\u044f\u0441\u043d\u0438\u043b\u0438, \u0447\u0442\u043e Ollama \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u044b, \u0430 \u044d\u0442\u043e \u0437\u043d\u0430\u0447\u0438\u0442, \u0447\u0442\u043e \u0432\u0441\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0447\u0435\u0440\u0435\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0430\u0442\u0430\u043a\u0430\u043c.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435 \u0432 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u043e\u043a\u043e\u043b\u043e 300 000 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Ollama, \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0438 \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 - \u0431\u0435\u0437 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0432\u043e\u0434\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u0412 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0441\u043f\u043e\u0441\u043e\u0431\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f Ollama, \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f Bleeding Llama \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043a\u043e\u0434\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438, \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0445 \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438 \u0434\u0440\u0443\u0433\u0443\u044e \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Cyera, \u00ab\u043b\u044e\u0431\u043e\u0435 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435, \u043f\u0440\u0438 \u043a\u043e\u0442\u043e\u0440\u043e\u043c Ollama \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u043f\u043e \u0441\u0435\u0442\u0438 \u0431\u0435\u0437 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u0438\u043b\u0438 \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u0435\u0440\u0435\u0434 \u043d\u0435\u0439\u00bb, \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u043e \u0440\u0438\u0441\u043a\u0443 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 Ollama 0.17.1, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0432\u043e\u0438\u043c \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f\u043c. \u0420\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044f \u0441\u0435\u0442\u0438 \u0434\u043e\u043b\u0436\u043d\u044b \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c.\n\n\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u0442\u0430\u043a\u0436\u0435 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0430\u0443\u0434\u0438\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0438 \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u043b\u044e\u0431\u043e\u0439 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 \u0438\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u0441\u0440\u0435\u0434\u044b \u0438 \u0434\u0430\u043d\u043d\u044b\u0435, \u043f\u0440\u043e\u0445\u043e\u0434\u044f\u0449\u0438\u0435 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0433\u043e, \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438.", "creation_timestamp": "2026-05-05T16:16:55.000000Z"}, {"uuid": "2001e0c0-705c-4340-830c-6410af5f0af7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://vulnerability.circl.lu/comment/f6d41719-7e76-40c7-ac12-d7d70f2ac1db", "content": "", "creation_timestamp": "2026-05-06T06:28:08.637328Z"}, {"uuid": "bf82573e-58b1-4c87-b444-c0f115e345b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3ml6b4hby722o", "content": "Critical Remote Memory Leak Vulnerability in Ollama (CVE-2026-7482) #appsec", "creation_timestamp": "2026-05-06T08:15:39.284615Z"}, {"uuid": "cc21777f-7e24-4a22-9686-689646ccebbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3ml4hbcq2cb2d", "content": "A critical heap out-of-bounds vulnerability (CVE-2026-7482) in Ollama\u2019s GGUF model loader exposes sensitive data including API keys and environment variables across 300,000 deployments. Update to Ollama 0.17.1. #DataLeak #ModelLoader #TechUSA", "creation_timestamp": "2026-05-05T15:00:25.905352Z"}, {"uuid": "e31bc027-500a-4a86-acc4-fb0b3bb1f31d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mlatqjeszc2e", "content": "Una vulnerabilitat al GGUF, el format obert que empaqueta models d'IA en un sol fitxer i que Ollama utilitza, exposa prompts, missatges i variables d'entorn d'unes 300.000 inst\u00e0ncies exposades a internet. Puntuaci\u00f3 9.3/10 (CVE-2026-7482).\nwww.securityweek.com/critical-bug...", "creation_timestamp": "2026-05-07T08:54:25.681908Z"}, {"uuid": "4dd0b4de-4396-4895-a184-2339102d1cc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3ml72eahjro2g", "content": "Regulatory actions hit Kochava over location data and privacy settlements impact Forbes. Data exposures found in Vimeo and Canvas. Critical flaws like Bleeding Llama (CVE-2026-7482) and MOVEit exploited amid active threat groups. #DataPrivacy #US", "creation_timestamp": "2026-05-06T15:47:24.700122Z"}, {"uuid": "8a2107ca-181b-4d2d-b985-b81b249f9e47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3ml735pisvl2l", "content": "[RSS] Bleeding Llama: Critical Unauthenticated Memory Leak in Ollama (CVE-2026-7482)\n\n\n www.cyera.com -> \n\n\nOriginal->", "creation_timestamp": "2026-05-06T16:01:38.938807Z"}, {"uuid": "bf528cfa-b26e-4c8d-9ac2-00882c078f5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7482", "type": "seen", "source": "https://infosec.exchange/ap/users/115741367687413652/statuses/116528836896778217", "content": "Another AI service that's dangerous when exposed to the internet? Well I never!\nAnyway go check for exposed Ollama endpoints.\nhttps://discourse.ifin.network/t/unauthenticated-memory-leak-in-ollama-cve-2026-7482/389\n#CVE #ThreatIntel #ThreatIntelligence #IFIN", "creation_timestamp": "2026-05-06T17:46:30.794966Z"}, {"uuid": "e4b608d7-588f-4ea0-9d18-2016b7895907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "Telegram/PzhmRpnH0GK_l-gQSVtV4RydjOIkDAHQ-MCr1tu85IjwQYE", "content": "", "creation_timestamp": "2026-05-07T19:00:14.000000Z"}, {"uuid": "b8beec00-1981-48e2-95c1-834d84571a8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "Telegram/ejAET7Wd0n1V5uqKctP5d-vJmqb8O4j5F4lTKyPXLyKbJrU", "content": "", "creation_timestamp": "2026-05-06T03:00:05.000000Z"}, {"uuid": "6b8e37ae-b3c5-4321-ae88-39e6252cc125", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mlk2thx3ypl2", "content": "Bleeding Llama vulnerability just exposed 300,000 AI servers to instant memory theft \u2014 researchers warn of critical flaw Critical CVE-2026-7482 flaw in Ollama AI software exposes 300,000+ servers...\n\n#Data #Breaches #& #Scandals\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-11T00:55:17.178687Z"}, {"uuid": "5fe1affa-31fd-4a95-9ac7-bdfa7b15a418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "Telegram/vzTACITSxs978bepVF2fAbJ-LA46ia7V8AwPJb289jK3goA", "content": "", "creation_timestamp": "2026-05-07T21:00:05.000000Z"}, {"uuid": "07b9a951-95f0-40fe-945c-60a7b4be2170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/cyberwarriorsme.bsky.social/post/3mlisqa26he2c", "content": "Ollama's Critical CVE-2026-7482 Vulnerability Exposes Process Memory to Remote Attackers", "creation_timestamp": "2026-05-10T12:57:34.001968Z"}, {"uuid": "d1663db1-316c-41fd-8865-bc0612ebd4af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mliv6ej5q52i", "content": "CVE-2026-7482 & Windows Ollama Flaws: Three Unauthenticated API Calls Leak Your Entire AI Server\u2019s Memory While Auto-Updaters Plant Persistent Backdoors +\u00a0Video\n\nIntroduction: A critical heap out\u2011of\u2011bounds read vulnerability, tracked as CVE\u20112026\u20117482, affects Ollama versions prior to 0.17.1. Dubbed\u2026", "creation_timestamp": "2026-05-10T13:41:16.600285Z"}, {"uuid": "b5ebf45a-44bf-4844-a829-22cadcf4a69d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "Telegram/jpDI-NeTTmF-1B6pnaVWuyOH6vpyOCdnRS1pqYiJCkm7igI", "content": "", "creation_timestamp": "2026-05-05T23:00:15.000000Z"}, {"uuid": "09f13d38-0493-40a2-9c08-4c022e89fb8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7482", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mle2dd736d23", "content": "\ud83d\udce2 CVE-2026-7482 : Fuite m\u00e9moire critique non authentifi\u00e9e dans Ollama (Bleeding Llama)\n\ud83d\udcdd ## \ud83d\udd0d Contexte\n\nPubli\u00e9 le 5 mai 2026 par Dor Attias de Cyera \u2026\nhttps://cyberveille.ch/posts/2026-05-08-cve-2026-7482-fuite-memoire-critique-non-authentifiee-dans-ollama-bleeding-llama/ #CVE_2026_7482 #Cyberveille", "creation_timestamp": "2026-05-08T15:30:12.330870Z"}, {"uuid": "2fbab182-af0d-465a-982b-45355faa7fa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://t.me/thehackernews/8968", "content": "\ud83d\udea8 CVE-2026-7482 in Ollama could let remote attackers leak process memory from more than 300,000 exposed servers using crafted GGUF files.\n\nSeparate unpatched Windows flaws enable persistent code execution through Ollama\u2019s update mechanism.\n\nFull details and mitigations: https://thehackernews.com/2026/05/ollama-out-of-bounds-read-vulnerability.html", "creation_timestamp": "2026-05-10T12:42:49.000000Z"}, {"uuid": "35f53d08-4a1b-43b0-bb9d-0c00d6219928", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mlivfqanfc2z", "content": "A critical out-of-bounds read vulnerability in Ollama GGUF loader (CVE-2026-7482) allows remote leakage of process memory, including API keys and conversation data. Windows update flaws enable persistent code execution. #Ollama #Poland #MemoryLeak", "creation_timestamp": "2026-05-10T13:45:23.493705Z"}, {"uuid": "31adf5bd-7b0b-415f-b3e4-331542d3c710", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mliyg2go5qe2", "content": "Ollama\u2019s Critical CVE-2026-7482 Vulnerability Exposes Process Memory to Remote Attackers Ollama\u2019s Critical CVE-2026-7482 Vulnerability Exposes Process Memory to Remote Attackers Cybersecurity r...\n\n#Global #Global #Cybersecurity #Ransomware [\u2026] \n\n[Original post on cyberwarriorsmiddleeast.com]", "creation_timestamp": "2026-05-10T14:39:19.767785Z"}, {"uuid": "88712db1-fa59-49f9-a0e7-9280235bb354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/116554490423746027", "content": "\ud83d\udea8 CVE-2026-7482 in Ollama could let remote attackers leak process memory from more than 300,000 exposed servers using crafted GGUF files.\nSeparate unpatched Windows flaws enable persistent code execution through Ollama\u2019s update mechanism.\nFull details and mitigations: https://thehackernews.com/2026/05/ollama-out-of-bounds-read-vulnerability.html", "creation_timestamp": "2026-05-11T06:19:44.013796Z"}, {"uuid": "e0016b3b-0b7a-4400-92eb-ffad5e37f0f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mlizr4n4u3a2", "content": "Ollama Flaw Risks Full Memory Exposure in 300,000 Servers cybersecurity researchers have disclosed a critical vulnerability in the Ollama artificial intelligence framework that could allow a remote...\n\n#Security #Bleeding #Llama #CVE-2026-7482 #cybersecurity #Ollama #out-of-bounds #read\n\nOrigin [\u2026]", "creation_timestamp": "2026-05-10T15:03:21.839694Z"}, {"uuid": "eebf48c8-53b2-4634-8693-278eb183ed99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7482", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mlj27zo7wo2g", "content": "CVE-2026-7482 \"Bleeding Llama\": Critical Ollama Memory Disclosure Vulnerability\n\nCVE-2026-7482 'Bleeding Llama' is a critical memory disclosure vulnerability in Ollama (CVSS 9.1) affecting over 300,00...\n\n\ud83d\udd17 https://ipsec.live/blog/cve-2026-7482-ollama-bleeding-llama\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-10T15:11:39.960046Z"}, {"uuid": "a6fdb244-d377-4f23-b4e1-7b5e8dcd4993", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://thehackernews.com/2026/05/ollama-out-of-bounds-read-vulnerability.html", "content": "Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory.\nThe out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as CVE-2026-7482 (CVSS score: 9.1). It has been codenamed Bleeding Llama by Cyera.\nOllama is a", "creation_timestamp": "2026-05-10T10:41:00.000000Z"}, {"uuid": "b7ba6662-1c51-47f8-b883-761ca11f6639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "Telegram/pQV3iv9fNdQ8VJnJcygfcZdIe02_J94GklPNFkeEumVnTA", "content": "", "creation_timestamp": "2026-05-10T17:22:31.000000Z"}, {"uuid": "2db5533a-075f-4383-aafa-9d7dddaa15e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlldqadbog2p", "content": "\ud83d\udccc CVE-2026-7482 - Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied ... https://www.cyberhub.blog/cves/CVE-2026-7482", "creation_timestamp": "2026-05-11T13:07:11.539857Z"}, {"uuid": "4ee78d4b-b3ae-4e4d-b365-1f2e6ea543ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/calimegai.bsky.social/post/3mllnge3c2d2y", "content": "Une faille critique dans Ollama (CVE-2026-7482, score 9.1) expose plus de 300 000 serveurs \u00e0 une fuite m\u00e9moire \u00e0 distance. Nom de code : Bleeding Llama \ud83e\udd99\ud83d\udca5 #CyberSecurity #IA ", "creation_timestamp": "2026-05-11T16:00:40.443617Z"}, {"uuid": "b819dee0-f99d-4ab9-9aa9-e007021c52e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mlphjah4sn2x", "content": "The latest update for #Indusface includes \"Bleeding Llama (CVE-2026-7482): Critical Unauthenticated Memory Leak in Ollama\" and \"DDoS Protection for Insurance: Always-On Defense for Claims, Quotes & #APIs\".\n \n#cybersecurity #infosec https://opsmtrs.com/3ySs2VF", "creation_timestamp": "2026-05-13T04:25:26.159661Z"}, {"uuid": "26860afc-728f-40e3-9e63-30700d7bfbbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/modat-io.bsky.social/post/3mln776ammk2m", "content": "\ufe0f\u26a0 CVE-2026-7482: Critical heap out-of-bounds read in Ollama via crafted GGUF uploads to /api/create may leak API keys, prompts, credentials & conversation data from process memory. Affected: <0.17.1. Patch now. Query: product=\"Ollama\"\u00a0\n\nThe platform:\u00a0\nmagnify.modat.io", "creation_timestamp": "2026-05-12T06:51:22.944418Z"}, {"uuid": "58122199-db41-4a31-acaa-050785290cc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/mengli512.bsky.social/post/3mlndfaaioc2u", "content": "Ollama has a CVSS 9.1 bug named Bleeding Llama (CVE-2026-7482). Upgrade to 0.17.1 now. Are you running Ollama on 0.0.0.0?\n#Ollama #bug \nopen.substack.com/pub/pythonli...", "creation_timestamp": "2026-05-12T08:06:19.781893Z"}, {"uuid": "36ffe781-4480-41c7-b4f7-17725102afcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3mlnivxjq2zh2", "content": "Bleeding Llama (CVE-2026-7482): Critical Unauthenticated Memory Leak in Ollama Critical Ollama flaw CVE-2026-7482 exposes 300K servers, letting attackers leak API keys, prompts, and credentials thr...\n\n#Security #Bulletin #Bleeding #Llama #Vulnerability [\u2026] \n\n[Original post on indusface.com]", "creation_timestamp": "2026-05-12T09:45:36.962997Z"}, {"uuid": "dfaaa1fc-de55-4425-963f-4ff0ccb6f7bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7482", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mmmqhog3te2q", "content": "Bleeding Llama: Ollama Memory Leak Exposes 300K Servers \u2014 API Keys & Chat Dat...\n\nCVE-2026-7482 'Bleeding Llama': Critical Ollama out-of-bounds read allows remote unauthenticated attackers ...\n\n\ud83d\udd17 https://ipsec.live/blog/2026-05-24-ollama-bleeding-llama-cve-2026-7482\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-24T19:52:49.650564Z"}, {"uuid": "6cc7996a-b543-4fb0-9fc1-4c0d1fc9e559", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7482", "type": "seen", "source": "https://bsky.app/profile/hatena-bookmark.bsky.social/post/3mmrfjcfbou2z", "content": "#\ud83d\udd16\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\n\u3010\u5b8c\u5168\u7248\u3011AI\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5730\u7344\u7d75\u56f32026 - CVE\u30fb\u653b\u6483\u624b\u6cd5\u30fb\u9632\u5fa1\u7b56\u3092\u5168\u90e8\u89e3\u8aac\u3059\u308b - Qiita\n\n\u5148\u65e5\u306e\u8a18\u4e8b\u300c100\u4e07\u53f0\u306eAI\u30b5\u30fc\u30d3\u30b9\u3092\u30b9\u30ad\u30e3\u30f3\u3057\u305f\u3089\u53f2\u4e0a\u6700\u60aa\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3060\u3063\u305f\u300d\u304c\u5927\u304d\u306a\u53cd\u97ff\u3092\u3044\u305f\u3060\u3044\u305f\u3002 76\u3044\u3044\u306d\u300162\u30b9\u30c8\u30c3\u30af\u30018\u4e07PV\u8d85\u3048\u3002 \u30b3\u30e1\u30f3\u30c8\u3067\u300c\u3082\u3063\u3068\u8a73\u3057\u304f\u77e5\u308a\u305f\u3044\u300d\u300c\u5177\u4f53\u7684\u306a\u5bfe\u7b56\u3092\u6559\u3048\u3066\u300d\u3068\u3044\u3046\u58f0\u3092\u591a\u6570\u3044\u305f\u3060\u3044\u305f\u306e\u3067\u3001\u5b8c\u5168\u7248\u306e\u6df1\u6398\u308a\u8a18\u4e8b\u3092\u66f8\u304f\u3053\u3068\u306b\u3057\u305f\u3002 \u3053\u306e\u8a18\u4e8b\u3067\u306f\uff1a CVE-2026-7482\u300cBlee...", "creation_timestamp": "2026-05-26T16:20:12.715487Z"}]}