{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-5757","assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","state":"PUBLISHED","assignerShortName":"certcc","dateReserved":"2026-04-07T16:59:20.290Z","datePublished":"2026-06-26T15:15:28.464Z","dateUpdated":"2026-06-26T18:38:23.503Z"},"containers":{"cna":{"title":"There exists an unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine","descriptions":[{"lang":"en","value":"Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence."}],"source":{"discovery":"UNKNOWN"},"affected":[{"vendor":"Ollama AI","product":"Ollama","versions":[{"status":"affected","version":"v0.13.5"}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-125 Out-of-bounds Read"}]},{"descriptions":[{"lang":"en","description":"CWE-416 Use After Free"}]},{"descriptions":[{"lang":"en","description":"CWE-306 Missing Authentication for Critical Function"}]}],"references":[{"url":"https://kb.cert.org/vuls/id/518910"},{"url":"https://ollama.com"}],"x_generator":{"engine":"VINCE 3.0.43","env":"prod","origin":"https://cveawg.mitre.org/api/cve/CVE-2026-5757"},"providerMetadata":{"orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc","dateUpdated":"2026-06-26T15:15:28.464Z"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://www.kb.cert.org/vuls/id/518910"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2026-06-26T15:52:23.093Z"}},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-06-26T18:37:59.802606Z","id":"CVE-2026-5757","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-26T18:38:23.503Z"}}]}}