{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5530", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-04T06:29:38.195Z", "datePublished": "2026-04-05T00:30:13.687Z", "dateUpdated": "2026-04-06T15:37:44.300Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-05T00:30:13.687Z"}, "title": "Ollama Model Pull API download.go server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "n/a", "product": "Ollama", "versions": [{"version": "18.0", "status": "affected"}, {"version": "18.1", "status": "affected"}], "cpes": ["cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*"], "modules": ["Model Pull API"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-04T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-04T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-04T08:34:43.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "davidrochester (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/355283", "name": "VDB-355283 | Ollama Model Pull API download.go server-side request forgery", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/355283/cti", "name": "VDB-355283 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/782107", "name": "Submit #782107 | Ollama 18.1 and previous Server-Side Request Forgery", "tags": ["third-party-advisory"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T15:37:34.960587Z", "id": "CVE-2026-5530", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:37:44.300Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5530", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T15:37:34.960587Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:37:38.377Z"}}], "cna": {"title": "Ollama Model Pull API download.go server-side request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "davidrochester (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["Model Pull API"], "product": "Ollama", "versions": [{"status": "affected", "version": "18.0"}, {"status": "affected", "version": "18.1"}]}], "timeline": [{"lang": "en", "time": "2026-04-04T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-04T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-04T08:34:43.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/355283", "name": "VDB-355283 | Ollama Model Pull API download.go server-side request forgery", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/355283/cti", "name": "VDB-355283 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/782107", "name": "Submit #782107 | Ollama 18.1 and previous Server-Side Request Forgery", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-05T00:30:13.687Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5530", "state": "PUBLISHED", "dateUpdated": "2026-04-06T15:37:44.300Z", "dateReserved": "2026-04-04T06:29:38.195Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-05T00:30:13.687Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-5530", "lastModified": "2026-04-24T18:13:28.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-05T01:16:48.220", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/782107"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355283"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355283/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "ollama: Ollama: Server-Side Request Forgery via Model Pull API manipulation", "id": "2455147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455147"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-918", "details": ["A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.", "A flaw was found in Ollama. A remote attacker can exploit this vulnerability by manipulating the Model Pull API's `server/download.go` file. This can lead to Server-Side Request Forgery (SSRF), allowing the attacker to force the server to make requests to arbitrary network locations."], "mitigation": {"lang": "en:us", "value": "To reduce exposure, restrict network access to the Ollama service. Configure firewall rules to limit inbound connections to the port used by Ollama (e.g., 11434) to only trusted clients or networks. This can prevent remote attackers from exploiting the Server-Side Request Forgery vulnerability. Applying firewall rules may require a service reload or restart to take effect and could impact legitimate service functionality if not configured carefully."}, "name": "CVE-2026-5530", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/lightspeed-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:debezium:3", "fix_state": "Fix deferred", "package_name": "debezium-ai-embeddings-ollama", "product_name": "Red Hat build of Debezium 3"}, {"cpe": "cpe:/a:redhat:debezium:3", "fix_state": "Fix deferred", "package_name": "langchain4j-ollama", "product_name": "Red Hat build of Debezium 3"}, {"cpe": "cpe:/a:redhat:debezium:3", "fix_state": "Fix deferred", "package_name": "ollama", "product_name": "Red Hat build of Debezium 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Fix deferred", "package_name": "ollama", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Fix deferred", "package_name": "quarkus-langchain4j-ollama", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Fix deferred", "package_name": "ollama", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Fix deferred", "package_name": "quarkus-langchain4j-ollama", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:trusted_profile_analyzer:2", "fix_state": "Fix deferred", "package_name": "rhtpa/rhtpa-trustification-service-rhel9", "product_name": "Red Hat Trusted Profile Analyzer"}], "public_date": "2026-04-05T00:30:13Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-5530\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-5530\nhttps://vuldb.com/submit/782107\nhttps://vuldb.com/vuln/355283\nhttps://vuldb.com/vuln/355283/cti"], "statement": "Moderate. A Server-Side Request Forgery (SSRF) flaw in Ollama's Model Pull API allows a remote attacker to manipulate the API, compelling the server to initiate requests to arbitrary network locations. This could facilitate unauthorized access to internal network resources or enable other network-based attacks.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "18.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "18.1"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Ollama", "source": "cna", "vendor": "n/a"}, "product": "ollama", "vendor": "ollama"}], "analysis": {"en": {"generated_at": "2026-04-05T03:20:26.823829+00:00", "value": {"mitigation_remediation": ["Check current Ollama version; if 18.1 or older, upgrade to the latest patched release when available.", "If a fix is not yet available, disable the Model Pull API or restrict its access to trusted networks only.", "Configure network segmentation or firewall rules to block outbound requests from the Ollama service to internal networks, mitigating SSRF impact.", "Continuously monitor logs for unusual outbound requests from the Ollama server and set up alerts for suspicious activity.", "Keep all system components up to date and maintain an intrusion detection strategy for related attacks."], "summary": {"action": "Immediate patch", "impact": "Server\u2011side request forgery that can allow an attacker to make the Ollama server target arbitrary internal or external resources"}, "threat_synthesis": {"affected_systems": "Affected systems are instances of Ollama version 18.1 or earlier. The flaw exists in all releases up to 18.1, but no earlier versions are identified as vulnerable. Users running these versions are at risk if the Model Pull API is exposed to external traffic.", "description_and_impact": "The vulnerability resides in the file server/download.go component of the Ollama Model Pull API, enabling server\u2011side request forgery (SSRF). By manipulating the API request, an attacker can cause the Ollama server to send arbitrary HTTP requests to internal or external resources. This can lead to unauthorized data retrieval, potential exposure of sensitive information, or serve as a pivot for further attacks. The weakness is classified as CWE\u2011918.", "risk_and_exploitability": "The CVSS score is 5.3, indicating moderate severity. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalogue. The attack vector is remote, relying on external manipulation of the download endpoint. No authentication requirement is mentioned, suggesting that any client able to reach the API could exploit the flaw, thus the threat is significant for publicly exposed instances."}}}}, "created": "2026-04-06T20:26:49.649673+00:00", "updated": "2026-04-06T21:57:25.011972+00:00", "vendors": ["ollama", "ollama$PRODUCT$ollama"]}