CVE-2026-7020 | Ollama up to 0.20.2 Tensor Model Transfer transfer.go digestToPath digest path traversal

Inserito da Angelo Barbosa | Apr 25, 2026 | CVE

A vulnerability categorized as critical has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal.

This vulnerability was named CVE-2026-7020. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7020 | Ollama up to 0.20.2 Tensor Model Transfer transfer.go digestToPath digest path traversal

Post correlati

CVE-2024-7348 | PostgreSQL up to 12.19/13.15/14.12/15.7/16.3 pg_dump toctou

CVE-2024-41961 | sapcc elektra Live Search code injection (GHSA-6j2h-486h-487q)

CVE-2024-11090 | stellarwp Membership Plugin up to 3.2.13 on WordPress information disclosure

CVE-2025-1288 | WOOEXIM Plugin up to 5.0.0 on WordPress cross site scripting