Product

GGUF

2 articles First covered Apr 27, 2026, latest May 11, 2026

Cyera Research disclosure illustration for the Bleeding Llama vulnerability in Ollama's model execution pipeline

A crafted Ollama model file leaks the whole server's memory. 300,000 instances are exposed.

Cyera disclosed CVE-2026-7482 on May 1, a CVSS 9.1 unauthenticated heap read in Ollama. Three API calls dump prompts, env vars, and API keys from any open instance.

Security·2 weeks ago

A malicious GGUF file owns your SGLang server: CVE-2026-5760 is an unpatched 9.8

SGLang's reranker renders chat templates without a sandbox. Load a hostile GGUF, hit /v1/rerank, and the attacker has Python on your inference box. No patch yet.