Source:
tldr: CVE-2026-7482, published May 1, 2026, is a critical unauthenticated memory leak in Ollama. Attackers could access process memory and potentially leak prompts, system prompts, environment variables, and other secrets.
Affected versions and apps
- Affected product: Ollama.
- Affected vulnerability: CVE-2026-7482, also called Bleeding Llama.
- Impacted deployments include Ollama instances reachable by untrusted users or networks.
- Sensitive data at risk may include user prompts, system prompts, environment variables, API keys, and other process-memory contents.
- Check Cyera’s advisory and Ollama’s release notes for exact fixed versions.
What to do
- Upgrade Ollama to a fixed release.
- Do not expose Ollama directly to untrusted networks.
- Put authentication and network controls in front of Ollama.
- Rotate secrets that may have been present in process memory.