CVE-2026-5530 — MEDIUM (CVSS 6.3) AI Security Vulnerability

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this...

Full CISO analysis pending enrichment.

Severity & Risk

CVSS 3.1

6.3 / 10

EPSS

N/A

Exploitation Status

No known exploitation

Sophistication

N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Weaknesses (CWE)

CWE-918 Primary

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References

Timeline

Published

April 5, 2026

Last Modified

April 5, 2026

First Seen

April 5, 2026

Severity & Risk

Recommended Action

Compliance Impact

Technical Details

NVD Description

Weaknesses (CWE)

CVSS Vector

References

Timeline

Weekly CISO Take + top threats