Ollama Platform Authentication Bypass Vulnerability in API Endpoints

Vulnerability

A critical authentication bypass vulnerability has been identified in the Ollama platform's API endpoints, affecting versions prior to and including v0.12.3. This vulnerability allows remote attackers to access multiple API endpoints without authentication, enabling unauthorized model management operations. The vulnerable endpoints include '/api/tags', '/v1/models', '/api/copy', '/api/delete', '/api/create', '/api/generate', and '/api/chat'.

Impact

Exploitation of this vulnerability could lead to unauthorized access and management of models, allowing for model poisoning through the injection of malicious prompts. Additionally, there is a potential for remote code execution via compromised model configurations.

Added: Dec 18, 2025, 5:13 PM

Updated: Dec 18, 2025, 5:13 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

3.1

exploitability

7.8

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

3.1

exploitability

7.8

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ollama Platform Authentication Bypass Vulnerability in API Endpoints

Vulnerability

Impact

Affected Products

Ollama

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating