CRITICAL

Ollama "Bleeding Llama" CVE-2026-7482: Unauthenticated Remote Memory Leak

· vulnerability · cve · llm

Researchers at Cyera disclosed CVE-2026-7482, a critical out-of-bounds read in Ollama (CVSS 9.1) that allows a remote, unauthenticated attacker to dump the server’s entire process memory. The flaw has been dubbed “Bleeding Llama.”

Over 300,000 Ollama instances are estimated to be publicly reachable, making the attack surface substantial. Process memory in an Ollama deployment can contain loaded model weights, inference inputs, and any credentials or tokens passed through the runtime environment.

No active exploitation has been confirmed at time of publication. Operators running Ollama exposed to the internet should patch immediately and audit network exposure — Ollama is not designed to be public-facing without authentication controls at the network layer.
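One way to start the exposure audit on a Linux host is to check which addresses the Ollama port is bound to. This is an added example, not code from Cyera or the Ollama project. It assumes Ollama's default listen port 11434 (not stated in this post) and the `ss` utility; the sample listener table is constructed.

```python
import ipaddress
import subprocess

OLLAMA_PORT = 11434  # assumption: Ollama's default port; change if OLLAMA_HOST overrides it

# Constructed sample of `ss -ltnH` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:11434 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:11434 0.0.0.0:*
LISTEN 0 4096 [::]:11434 [::]:*
LISTEN 0 4096 192.168.1.10:11434 0.0.0.0:*
LISTEN 0 4096 [::1]:11434 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""


def classify_bind(host):
    """Return 'loopback', 'all-interfaces' or 'specific-interface' for a bind address."""
    host = host.split("%", 1)[0].strip("[]")  # drop %scope suffix, then IPv6 brackets
    if host == "*":  # ss prints '*' for a dual-stack wildcard socket
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"
    return "all-interfaces" if addr.is_unspecified else "specific-interface"


def exposed_listeners(ss_output, port=OLLAMA_PORT):
    """List (local_address, bind_class) for non-loopback listeners on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port_text = fields[3].rpartition(":")
        if port_text != str(port):
            continue
        bind_class = classify_bind(host)
        if bind_class != "loopback":
            findings.append((fields[3], bind_class))
    return findings


if __name__ == "__main__":
    # On a live Linux host, read the real listener table instead of the sample.
    live = subprocess.run(["ss", "-ltnH"], capture_output=True, text=True).stdout
    for local, bind_class in exposed_listeners(live):
        print(f"Ollama port reachable beyond loopback: {local} ({bind_class})")
```

A non-loopback bind only shows that the socket accepts remote connections; whether it is reachable from the internet still depends on host firewalls, security groups and any reverse proxy in front of it.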