Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Ollama Model Pull API May Allow Untrusted File Downloads
CVE-2026-5530
Summary
A security issue in Ollama's Model Pull API may allow an attacker to trick the server into downloading a malicious file. This could happen if an attacker can manipulate a request to the server. Ollama's developers were informed of this issue but did not respond, so it's unclear if or when it will be fixed. Users should be cautious when interacting with the Model Pull API.
Original title
A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-si...
Original description
A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 5 Apr 2026 · Updated: 7 Apr 2026 · First seen: 5 Apr 2026