Critical Ollama flaw CVE-2026-7482 may leak API keys, prompts, and chats from exposed AI servers affecting 300,000 systems.
A critical security flaw in the popular AI framework Ollama is raising concerns across the cybersecurity industry after researchers warned the vulnerability could expose sensitive memory data from hundreds of thousands of internet-accessible AI servers.
The flaw, tracked as CVE-2026-7482 and nicknamed “Bleeding Llama,” affects Ollama versions prior to 0.17.1 and carries a critical CVSS severity score of 9.1. Researchers say the bug can allow remote, unauthenticated attackers to extract process memory from vulnerable servers using specially crafted GGUF model files.
According to security researchers, the vulnerability stems from a heap out-of-bounds read in Ollama’s GGUF model loader and quantization pipeline. By abusing the /api/create endpoint, attackers can reportedly force the server to read memory beyond allocated buffers, potentially exposing API keys, system prompts, user conversations, environment variables, and other sensitive data stored in memory.
Researchers estimate that more than 300,000 Ollama deployments may be exposed to the internet, dramatically increasing the potential attack surface. Many of the vulnerable systems are believed to be self-hosted AI environments used for development, internal assistants, and agentic AI workflows.
Investigators say exploitation requires only a small number of crafted API requests and does not require prior authentication in many exposed configurations. In some scenarios, attackers may also be able to exfiltrate leaked memory data by abusing Ollama’s /api/push functionality to upload maliciously generated artifacts to attacker-controlled registries.
The disclosure has intensified scrutiny around the rapid adoption of self-hosted AI infrastructure, with security professionals warning that many organizations are deploying local large language model systems without enterprise-grade hardening or network protections. Community discussions on Reddit highlighted concerns over developers exposing inference servers directly to the internet without authentication controls.
Ollama has addressed the vulnerability in version 0.17.1, and researchers are urging administrators to update immediately, restrict public access to management endpoints, and rotate any secrets or API credentials that may have been exposed.
Related articles :
- Exposed Google Cloud API Keys Can Now Access Gemini AI Services
- AI-Assisted VoidLink Linux Malware Framework Unveiled
- AI-aided Hydroponic Marijuana Operation Busted in Pune
Reports are sourced from official documents, law-enforcement updates, and credible investigations.
Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.
