Directory Traversal Affecting ollama package, versions <0.17.6-r0


Severity

Recommended
0.0
critical
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.63% (46th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-MINIMOSLATEST-OLLAMA-16761714
  • published20 May 2026
  • disclosed29 Apr 2026

Introduced: 29 Apr 2026

CVE-2026-42249  (opens in a new tab)
CWE-22  (opens in a new tab)
CWE-494  (opens in a new tab)

How to fix?

Upgrade Minimos:latest ollama to version 0.17.6-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream ollama package and not the ollama package as distributed by Minimos. See How to fix? for Minimos:latest relevant fixed versions and status.

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These values are passed directly to filepath.Join, allowing path traversal sequences (../) to be resolved and enabling files to be written outside the intended update staging directory. An attacker who can influence update responses can exploit this flaw to write arbitrary executables to attacker‑chosen locations accessible to the current user, including the Windows Startup directory. This allows execution of arbitrary executables.

Critically, when chained with CVE‑2026‑42248 (Missing Signature Verification for Updates), an attacker can deliver malicious payloads that are written to sensitive locations and executed automatically. Because Ollama for Windows performs silent automatic updates and executes staged binaries without user interaction, this results in automatic and persistent code execution without user awareness.

Maintainers of this project were notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.

CVSS Base Scores

version 3.1