Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Helping small businesses with free, hands-on cyber consultancy

    July 15, 2026

    US charges alleged operators of Russian bulletproof hosting service

    July 15, 2026

    Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

    July 14, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»Alerts»CVE-2026-5530 | THREATINT
    Alerts

    CVE-2026-5530 | THREATINT

    adminBy adminApril 4, 2026No Comments1 Min Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Home

    Description

    A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

    PUBLISHED Reserved 2026-04-04 | Published 2026-04-05 | Updated 2026-04-05 | Assigner VulDB

    MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

    MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

    MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

    6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

    Problem types

    Server-Side Request Forgery

    Timeline

    2026-04-04: Advisory disclosed
    2026-04-04: VulDB entry created
    2026-04-04: VulDB entry last update

    Credits

    davidrochester (VulDB User) reporter

    VulDB CNA Team coordinator

    References

    vuldb.com/vuln/355283 (VDB-355283 | Ollama Model Pull API download.go server-side request forgery) vdb-entry

    vuldb.com/vuln/355283/cti (VDB-355283 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

    vuldb.com/submit/782107 (Submit #782107 | Ollama 18.1 and previous Server-Side Request Forgery) third-party-advisory

    cve.org (CVE-2026-5530)

    nvd.nist.gov (CVE-2026-5530)

    Download JSON



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleZDI-26-233: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
    Next Article Zero-Day Exposed: Unraveling Their Anatomy, Evolution, and Defense Strategies
    admin
    • Website

    Related Posts

    Alerts

    CISA Adds One Known Exploited Vulnerability to Catalog

    June 12, 2026
    Alerts

    FreePBX security advisory (AV26–596) – Canadian Centre for Cyber Security

    June 12, 2026
    Alerts

    SSA-879734 V1.0: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1

    June 12, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Our Picks

    Helping small businesses with free, hands-on cyber consultancy

    July 15, 2026

    US charges alleged operators of Russian bulletproof hosting service

    July 15, 2026

    Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

    July 14, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.