Description
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success, so no digital signature or trust validation is performed before staging or executing update payloads. This lets attacker-supplied executables be accepted and later executed by the application.

Critically, Ollama for Windows performs silent automatic updates, so the malicious payload may be installed automatically without user awareness.

Maintainers of this project were notified early about this vulnerability but did not respond regarding the vulnerability details or the affected version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable; other versions were not tested but might also be vulnerable.
Published: 2026-04-29
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw exists because the Windows version of Ollama performs no verification of the authenticity or integrity of downloaded update executables. The verification routine always returns success, so any unsigned or tampered executable is treated as a valid update, staged, and executed by the application. This enables an attacker to supply a malicious update package that will be installed without user intervention, leading to arbitrary code execution on the affected system.
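The two behaviours contrasted in the description and in the paragraph above, as an added example rather than Ollama's own code: a Go verification routine that unconditionally returns success (the pattern the advisory describes for the Windows build) next to a hardened routine that checks a detached Ed25519 signature over the payload's SHA-256 digest against a public key pinned in the client. The function names, the choice of Ed25519, and the sample payload bytes are assumptions made for illustration; the page does not say which signature scheme Ollama uses on the platforms that do verify.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// verifyUpdateVulnerable mirrors the behaviour the advisory describes for the
// Windows build: the routine returns success without inspecting the payload,
// so whatever bytes the downloader fetched are treated as a trusted update.
// (Illustrative stub, not Ollama's code.)
func verifyUpdateVulnerable(payload, sig []byte) error {
	_ = payload
	_ = sig
	return nil
}

// verifyUpdateSigned is the hardened replacement (added example, not Ollama's
// code). The payload is hashed and a detached Ed25519 signature over the
// digest is checked against a public key pinned in the binary. It fails
// closed: malformed keys, malformed signatures and empty payloads are errors,
// not reasons to skip the check.
func verifyUpdateSigned(pub ed25519.PublicKey, payload, sig []byte) error {
	if len(pub) != ed25519.PublicKeySize {
		return errors.New("update verification: pinned public key is malformed")
	}
	if len(sig) != ed25519.SignatureSize {
		return fmt.Errorf("update verification: signature is %d bytes, want %d",
			len(sig), ed25519.SignatureSize)
	}
	if len(payload) == 0 {
		return errors.New("update verification: empty payload")
	}
	digest := sha256.Sum256(payload)
	if !ed25519.Verify(pub, digest[:], sig) {
		return errors.New("update verification: signature does not match payload")
	}
	return nil
}

// signUpdate is the release-side counterpart: hash the artifact and sign the
// digest. In a real pipeline the private key stays in the release system and
// never ships with the client.
func signUpdate(priv ed25519.PrivateKey, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	return ed25519.Sign(priv, digest[:])
}

// demoKeypair generates a throwaway key pair so the example runs offline. The
// public half stands in for the key that would be compiled into the client.
func demoKeypair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// tamper flips one byte of the payload, standing in for an attacker who
// substitutes the downloaded executable on the update path.
func tamper(payload []byte) []byte {
	out := append([]byte(nil), payload...)
	out[0] ^= 0x01
	return out
}

func main() {
	pub, priv := demoKeypair()
	// Constructed sample bytes; not a real installer.
	genuine := []byte("constructed stand-in for an update executable")
	sig := signUpdate(priv, genuine)
	evil := tamper(genuine)

	fmt.Println("vulnerable, genuine :", verifyUpdateVulnerable(genuine, sig))
	fmt.Println("vulnerable, tampered:", verifyUpdateVulnerable(evil, sig)) // nil: attacker payload accepted
	fmt.Println("hardened,   genuine :", verifyUpdateSigned(pub, genuine, sig))
	fmt.Println("hardened,   tampered:", verifyUpdateSigned(pub, evil, sig)) // non-nil: rejected before staging
}
```

Run as is to watch the stub accept the tampered bytes while the signed check rejects them. Two design points matter beyond the signature itself: the check runs before the file is staged or executed, and it rejects a malformed key or signature instead of treating it as "nothing to verify", which is exactly the failure mode the advisory describes.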

Affected Systems

Ollama for Windows versions from 0.12.10 through 0.17.5 have been confirmed vulnerable; earlier and later releases were not tested and may also be affected. The issue is specific to the Windows implementation; other platform variants of Ollama are not impacted.

Risk and Exploitability

The CVSS 4.0 base score of 7.7 (High) derives from the vector CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L: no privileges and no user interaction are needed, but the attacker must be on an adjacent network (AV:A) and a precondition must hold (AT:P), in this case being able to control or substitute the executable the updater downloads. Because the update mechanism is silent and automatic, a substituted executable runs without any user awareness. The EPSS score of <1% indicates a very low estimated probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog; however, given the description, an attacker who can host or substitute a malicious update can expect the application to accept and execute it. The missing signature check therefore leaves the risk high for Windows users running Ollama in the vulnerable version range.

Generated by OpenCVE AI on April 29, 2026 at 17:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest patched release of Ollama that implements signed update verification, if such a release is available.
  • Disable automatic updates in Ollama’s settings to prevent silent installation of unsigned executables.
  • Enforce Windows application control (for example WDAC or AppLocker policies) or group‑policy rules that block execution of unsigned installers, to limit what an abused update mechanism can run.

Generated by OpenCVE AI on April 29, 2026 at 17:00 UTC.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 14:15:00 +0000

Type: Metrics
Values removed: none
Values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 29 Apr 2026 13:45:00 +0000

Type: First Time appeared
Values removed: none
Values added: Ollama; Ollama ollama

Type: Vendors & Products
Values removed: none
Values added: Ollama; Ollama ollama

Wed, 29 Apr 2026 12:00:00 +0000

Values removed: none

Description: Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before staging or executing update payloads, enabling attacker‑supplied executables to be accepted and later executed by the application. Critically, Ollama for Windows performs silent automatic updates, so the malicious payload may be installed automatically without user awareness. Maintainers of this project were notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.
Title: Missing Signature Verification for Updates in Ollama
Weaknesses: CWE-494 (Download of Code Without Integrity Check)
References: none
Metrics: cvssV4_0 {'score': 7.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-04-29T13:23:07.650Z

Reserved: 2026-04-25T11:31:56.229Z

Link: CVE-2026-42248

Vulnrichment

Updated: 2026-04-29T13:21:16.102Z

NVD

Status: Received

Published: 2026-04-29T12:16:18.917

Modified: 2026-04-29T12:16:18.917

Link: CVE-2026-42248

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T17:15:16Z

Weaknesses