Critical Unauthenticated Memory Leak in Ollama | Cyera Blog
ID: 992c69a8-4744-51fd-b0e8-40d33334013f
STIX ID: report--992c69a8-4744-51fd-b0e8-40d33334013f
Feed Name: Cyera Blogs
**Bleeding Llama (CVE-2026-7482)**: Cyera Research discloses a critical (CVSS 9.1) unauthenticated out-of-bounds heap read in Ollama's model quantization. An attacker can use a crafted GGUF file to force heap reads and exfiltrate sensitive data via three API calls (upload, create, push). About 300,000 internet-facing instances are reported vulnerable. Recommended immediate actions are to apply the vendor patch, block access to port 11434, enable authentication/proxies, and rotate exposed secrets.
