A serious security vulnerability has recently been discovered in Ollama, a popular open-source AI platform used to run large language models locally. Researchers revealed that the flaw could allow attackers to remotely leak sensitive memory data from affected servers. The vulnerability has been assigned the identifier CVE-2026-7482 and the name “Bleeding Llama.” The discovery has raised major concerns among cybersecurity experts and organizations using AI systems.

Ollama is widely used by developers, researchers, and companies because it allows AI models to run on local machines instead of cloud-based services. Many organizations use the platform for coding assistants, automation systems, AI chatbots, and internal workflows. Due to its growing popularity, security issues involving the platform can affect a large number of users worldwide. Experts say the vulnerability highlights the increasing risks associated with self-hosted AI infrastructure.

According to cybersecurity researchers from Cyera, the flaw lies in the way Ollama processes GGUF model files. Attackers can reportedly exploit the vulnerability by uploading a specially crafted malicious model file through Ollama’s /api/create endpoint. When the server parses the file, it may read memory beyond the intended buffer boundaries. This class of flaw is known as an out-of-bounds read.
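The bug class is easiest to see in a toy parser. The sketch below is purely illustrative and is not Ollama’s actual code (which is written in Go); it shows how a length-prefixed field in a file format like GGUF can be abused when the parser trusts the declared length without checking it against the remaining data. In a memory-unsafe context, the oversized read would pull in adjacent process memory; Python merely truncates the slice, which lets us observe the mismatch safely.

```python
import struct

def naive_read_string(buf: bytes, offset: int) -> tuple[str, int]:
    # Read a length-prefixed string the way a careless parser might:
    # trust the 8-byte little-endian length field as-is.
    (length,) = struct.unpack_from("<Q", buf, offset)
    offset += 8
    # BUG: no check that offset + length <= len(buf).
    # In an unsafe language this read could spill into adjacent memory
    # (API keys, prompts, etc.); Python just truncates the slice.
    data = buf[offset : offset + length]
    return data.decode("utf-8", errors="replace"), offset + length

# A crafted field claiming a 1 GiB string while supplying only 4 bytes.
crafted = struct.pack("<Q", 1 << 30) + b"ABCD"
text, end = naive_read_string(crafted, 0)
print(text)  # "ABCD" — far less data than the header promised
print(end)   # the parser now believes it consumed over 1 GiB
```

The defensive fix is a single bounds check (`offset + length <= len(buf)`) before the read, which is the kind of validation the patched release presumably adds.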

Researchers warned that the leaked memory could contain highly sensitive information stored inside the running Ollama process. The exposed data may include API keys, environment variables, internal prompts, user conversations, and confidential company information. Since many organizations connect Ollama with enterprise AI systems and automation tools, the impact of such an attack could become extremely serious. Experts believe attackers may target such systems to steal valuable internal data.

Reports stated that the vulnerability affects Ollama versions released before 0.17.1. The flaw received a CVSS severity score of 9.1, placing it in the “Critical” category due to its potential impact. Researchers also estimated that more than 300,000 servers worldwide may be exposed if they are publicly accessible online. This large number has increased concern within the cybersecurity industry and among enterprise users.

The attack reportedly unfolds in stages. First, the attacker uploads a malicious GGUF model file to the vulnerable server through the /api/create endpoint. While processing the file, the server may unintentionally leak sensitive memory data from the running process into the resulting model. Researchers also explained that attackers could then use Ollama’s /api/push endpoint to transfer the stolen data out of the affected system.
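From the defender’s side, the two-stage create-then-push pattern described above could be surfaced from proxy or reverse-proxy access logs. The sketch below is an assumption-laden illustration: /api/create and /api/push are Ollama’s real routes, but the log format and sample lines are hypothetical and would need adapting to your actual logging setup.

```python
import re

# Hypothetical access-log lines; the real format depends on your proxy.
LOG_LINES = [
    '10.0.0.5 "POST /api/create HTTP/1.1" 200',
    '10.0.0.5 "POST /api/push HTTP/1.1" 200',
    '10.0.0.9 "POST /api/generate HTTP/1.1" 200',
]

PATTERN = re.compile(r'^(\S+) "POST (/api/\w+) ')

def flag_create_then_push(lines):
    """Flag clients that call /api/create and later /api/push —
    the two-stage pattern described for Bleeding Llama."""
    seen_create: set[str] = set()
    flagged: set[str] = set()
    for line in lines:
        m = PATTERN.match(line)
        if not m:
            continue
        client, endpoint = m.groups()
        if endpoint == "/api/create":
            seen_create.add(client)
        elif endpoint == "/api/push" and client in seen_create:
            flagged.add(client)
    return flagged

print(flag_create_then_push(LOG_LINES))  # {'10.0.0.5'}
```

A sequence of both calls from one client is not proof of compromise (legitimate workflows use both endpoints), but on a server that should never receive external model uploads it is a strong signal worth investigating.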

Cybersecurity experts say this incident demonstrates how AI infrastructure is becoming an attractive target for cybercriminals. Many organizations rapidly deploy AI platforms without properly securing APIs or restricting internet exposure of internal services. As the use of AI systems continues to increase, attackers are focusing on vulnerabilities within AI frameworks and related technologies. Experts warned that poor security practices significantly increase the risk of data exposure.


To reduce the risk, researchers strongly advised organizations to immediately upgrade Ollama to version 0.17.1 or later, where the vulnerability has reportedly been patched. Experts also recommended placing Ollama servers behind firewalls, restricting public access, and adding authentication layers for extra protection. Since Ollama’s API does not include built-in authentication by default, publicly exposed systems face greater risk. The “Bleeding Llama” vulnerability is now considered one of the most serious AI-related security flaws disclosed this year.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news