
CVE-2026-7482 - Bleeding Llama

May 11, 2026

These sources detail a critical security flaw in the **Ollama** AI platform, known as **"Bleeding Llama"** or **CVE-2026-7482**, which enables unauthenticated memory theft. Attackers can exploit a **heap out-of-bounds read** vulnerability by uploading a specially designed file to leak highly sensitive information, such as **API keys**, **private conversations**, and **environment variables**. While a fix was released in **version 0.17.1**, reports indicate that over **300,000 servers** remained exposed to the internet at the time of discovery. Furthermore, the documents reveal additional **unpatched vulnerabilities** specifically affecting **Windows users**, which could allow for unauthorised code execution through a flawed update mechanism. Security experts advise administrators to **update their software immediately**, restrict network access to local hosts, and implement **authenticated proxies** for shared environments. Together, these reports underscore the risks of deploying local AI tools as public services without adequate security precautions.
