Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say
Researchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an attacker to covertly plant a persistent executable that runs on every login.

CVE-2026-42248 and CVE-2026-42249

Ollama is an open-source
ORIGINAL SOURCE →via Help Net Security