A bug could expose 300,000 Ollama deployments to data theft.

A critical vulnerability dubbed exposes roughly 300,000 internet‑accessible Ollama deployments to remote, unauthenticated data theft. The flaw is a heap out‑of‑bounds read in the GGUF model loader, allowing attackers to extract sensitive memory contents such as prompts, messages, API keys, and environment variables. Exploitation requires only three unauthenticated API calls and leverages Ollama’s model‑push feature to exfiltrate stolen data.

Read more:

https://www.securityweek.com/critical-bug-could-expose-300000-ollama-deployments-to-information-theft/