CVE-2026-15685
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/07/2026
Last modified:
14/07/2026
Description
Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability.<br />
<br />
The specific flaw exists within the downloadBlob function. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated array. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-27277.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH



