CVE-2026-15685

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/07/2026
Last modified:
14/07/2026

Description

Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability.<br /> <br /> The specific flaw exists within the downloadBlob function. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated array. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-27277.

References to Advisories, Solutions, and Tools