
Ollama Server Exposure Reveals Major AI Security Gaps

ID: 8e27810c-28a5-5f24-909e-a96c46d657f8

STIX ID: report--8e27810c-28a5-5f24-909e-a96c46d657f8

Feed Name: Malware Patrol Blog

Threat Score: 75/100

Date Published: 2025-06-20

Date Updated: 2026-06-15

Author: Malware Patrol


Malware Patrol’s scan found over 14,000 publicly accessible Ollama servers, with a large share running outdated versions susceptible to multiple CVEs (DNS rebinding enabling unauthenticated API access and exfiltration, ZipSlip RCE, path traversal, resource exhaustion, and malformed model upload issues). The exposure enables model theft/poisoning and large-scale abuse of inference compute; recommendations include updating to the latest Ollama release, enforcing authentication/firewalls, and monitoring usage.
