Description

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

Related CPE's

Could not find any relations

References

https://gist.github.com/Cristliu/48dae561696374744d9fced07a544ecd

https://github.com/ollama/ollama/issues

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-306

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2025-12-18T16:15:54.760

28 hours ago

Last modified

2025-12-19T18:15:49.297

2 hours ago