CVE-2026-7482 is a heap out-of-bounds read in Ollama’s GGUF model loader that affects versions before 0.17.1. According to the CVE description and NVD record, a malicious GGUF file can declare tensor offsets and sizes that exceed the file’s actual length; during quantization in fs/ggml/gguf.go and server/quantization.go (WriteTo()), Ollama can read past the allocated heap buffer. The result is information [truncated]
## Summary

Ollama for Windows versions 0.12.10 through 0.17.5 contain a path traversal vulnerability in their automatic update mechanism. The application constructs local file paths using attacker-controlled HTTP response headers without validation, allowing directory traversal sequences (../) to be resolved. This enables an attacker who can influence update responses to write arbitrary files—including ex [truncated]
Ollama for Windows versions 0.12.10 through 0.17.5 fail to verify the integrity or authenticity of downloaded update executables. The Windows implementation of the update verification routine unconditionally returns success, bypassing digital signature and trust validation before staging or executing update payloads. Combined with silent automatic updates on Windows, this enables attacker-supplied executa [truncated]