CVE-2026-7020

LOW

Ollama Tensor Model Transfer transfer.go digestToPath path traversal

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-7020. PoCs published by davidrxchester.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-7020, which leverages a path traversal vulnerability in Ollama's tensor digest handling to achieve arbitrary file read. The PoC exfiltrates SSH host keys by manipulating API calls to a malicious registry.

Description

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

github WORKING POC

by davidrxchester · pythonpoc

https://github.com/davidrxchester/CVE-2026-7020

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2026-7020, which leverages a path traversal vulnerability in Ollama's tensor digest handling to achieve arbitrary file read. The PoC exfiltrates SSH host keys by manipulating API calls to a malicious registry.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Ollama (version not specified)

No auth needed

Prerequisites: Network access to the Ollama host · Ollama API endpoint reachable

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Apr 26, 2026 Full analysis →

References (3)

Core 3

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-359599 | Ollama Tensor Model Transfer transfer.go digestToPath path traversal

https://vuldb.com/vuln/359599

Signature, Permissions Required signature permissions-required

VDB-359599 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/359599/cti

Third Party Advisory third-party-advisory

Submit #797576 | Ollama v0.20.2 Information Disclosure

https://vuldb.com/submit/797576

Scores

CVSS v3 3.7

EPSS 0.0091

EPSS Percentile 55.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (5)

None/Ollama 0.20.0

None/Ollama 0.20.1

None/Ollama 0.20.2

ollama/ollama 0Go

ollama/ollama 0.20.0 - 0.20.2

Published Apr 26, 2026

Tracked Since Apr 26, 2026