Full Report
CERT Polska has received a report about 2 vulnerabilities (CVE-2026-42248 and CVE-2026-42249) found in Ollama software.
Analysis Summary
# Vulnerability: Multiple RCE Flaws in Ollama for Windows Update Mechanism
## CVE Details
- **CVE ID:** CVE-2026-42248, CVE-2026-42249
- **CVSS Score:** Not explicitly provided (Estimated: Critical)
- **CWE:** CWE-494 (Download of Code Without Integrity Check), CWE-22 (Path Traversal)
## Affected Systems
- **Products:** Ollama (Windows Version)
- **Versions:** Confirmed from 0.12.10 through 0.17.5. (Note: Other versions may also be vulnerable as they were not tested).
- **Configurations:** Systems running Ollama on Windows with the auto-update feature enabled.
## Vulnerability Description
Ollama for Windows contains two critical flaws in its update routine:
1. **CVE-2026-42248 (Missing Integrity Check):** The update routine for Windows fails to verify digital signatures or the authenticity of downloaded update executables. The verification function is hardcoded to return "success," allowing any executable to be staged for installation.
2. **CVE-2026-42249 (Path Traversal):** The application uses attacker-controlled HTTP headers to construct file paths for update downloads using `filepath.Join`. Because the input is not validated, a "path traversal" attack can be used to write files to arbitrary locations outside the intended directory.
When chained, these vulnerabilities allow a remote attacker to deliver a malicious, unsigned executable and place it in sensitive locations (such as the Windows Startup directory) to achieve persistent Remote Code Execution (RCE).
## Exploitation
- **Status:** PoC status not explicitly stated, but technical details are documented.
- **Complexity:** Medium (Requires ability to influence/intercept HTTP update responses, e.g., via Man-in-the-Middle or DNS poisoning).
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Full system access via RCE)
- **Integrity:** High (Modification of system files and installation of malicious software)
- **Availability:** High (Ability to crash the system or overwrite critical files)
## Remediation
### Patches
- Users should monitor official Ollama releases for updates beyond version 0.17.5 that address these issues.
- *Note:* The report indicates that as of the publication date, the maintainers had not provided specific details on a patched version range.
### Workarounds
- **Block Updates:** Disable or block network access to Ollama's update servers at the firewall level.
- **Manual Oversight:** Monitor the Windows Startup directory and application directories for unrecognized executables.
- **Permission Hardening:** Run the application with the least privilege possible to limit where the path traversal can write files.
## Detection
- **Indicators of Compromise:**
- Unexpected executables appearing in the `%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup` directory.
- Unsigned binaries located in Ollama’s staging or installation folders.
- **Detection Methods:**
- Monitor network traffic for unusual update sources or modified HTTP headers during the Ollama update process.
- Use EDR/AV tools to detect unsigned binaries attempting to execute from application-specific folders.
## References
- hxxps[://]www[.]cve[.]org/CVERecord?id=CVE-2026-42248
- hxxps[://]www[.]cve[.]org/CVERecord?id=CVE-2026-42249
- hxxps[://]cert[.]pl/en/posts/2026/04/vulnerabilities-in-ollama/
- hxxps[://]cwe[.]mitre[.]org/data/definitions/494[.]html