Report an incident
Back
  • About us
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy Bezpieczny telefon
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Projects
n6 Artemis MWDB
CVD program
CVD policy Advisories

Vulnerabilities in Ollama software
29 April 2026 | CERT Polska | #vulnerability, #warning, #cve
CVE ID CVE-2026-42248
Publication date 29 April 2026
Vendor Ollama
Product Ollama
Vulnerable versions From 0.12.10 through 0.17.5
Vulnerability type (CWE) Download of Code Without Integrity Check (CWE-494)
Report source Report to CERT Polska
CVE ID CVE-2026-42249
Publication date 29 April 2026
Vendor Ollama
Product Ollama
Vulnerable versions From 0.12.10 through 0.17.5
Vulnerability type (CWE) Download of Code Without Integrity Check
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-494
22)
Report source Report to CERT Polska

Description

CERT Polska has received a report about vulnerabilities in Ollama software and participated in coordination of their disclosure.

The vulnerability CVE-2026-42248: Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before staging or executing update payloads, enabling attacker‑supplied executables to be accepted and later executed by the application.

Critically, Ollama for Windows performs silent automatic updates, so the malicious payload may be installed automatically without user awareness.

The vulnerability CVE-2026-42249: Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These values are passed directly to filepath.Join, allowing path traversal sequences (../) to be resolved and enabling files to be written outside the intended update staging directory. An attacker who can influence update responses can exploit this flaw to write arbitrary executables to attacker‑chosen locations accessible to the current user, including the Windows Startup directory. This allows execution of arbitrary executables.

Critically, when chained with CVE‑2026‑42248 (Missing Signature Verification for Updates), an attacker can deliver malicious payloads that are written to sensitive locations and executed automatically. Because Ollama for Windows performs silent automatic updates and executes staged binaries without user interaction, this results in automatic and persistent code execution without user awareness.

Maintainers of this project were notified early about these vulnerabilities, but didn't respond with the details of vulnerabilities or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.

Credits

We thank Bartłomiej Dmitruk (striga.ai) for the responsible vulnerability report.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.