{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7020", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-25T11:29:26.173Z", "datePublished": "2026-04-26T04:45:11.467Z", "dateUpdated": "2026-05-06T04:55:00.516Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-06T04:55:00.516Z"}, "title": "Ollama Tensor Model Transfer transfer.go digestToPath path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "n/a", "product": "Ollama", "versions": [{"version": "0.20.0", "status": "affected"}, {"version": "0.20.1", "status": "affected"}, {"version": "0.20.2", "status": "affected"}], "cpes": ["cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*"], "modules": ["Tensor Model Transfer Handler"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-25T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-05-06T06:42:02.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "davidrochester", "type": "finder"}, {"lang": "en", "value": "nicholasgould", "type": "finder"}, {"lang": "en", "value": "davidrochester (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "davidrochester (VulDB User)", "type": "analyst"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/359599", "name": "VDB-359599 | Ollama Tensor Model Transfer transfer.go digestToPath path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359599/cti", "name": "VDB-359599 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/797576", "name": "Submit #797576 | Ollama v0.20.2 Information Disclosure", "tags": ["third-party-advisory"]}]}, "adp": [{"references": [{"url": "https://vuldb.com/submit/797576", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T13:12:43.487437Z", "id": "CVE-2026-7020", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:12:46.698Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7020", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T13:12:43.487437Z"}}}], "references": [{"url": "https://vuldb.com/submit/797576", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:12:37.112Z"}}], "cna": {"title": "Ollama Tensor Model Transfer transfer.go digestToPath path traversal", "credits": [{"lang": "en", "type": "finder", "value": "davidrochester"}, {"lang": "en", "type": "finder", "value": "nicholasgould"}, {"lang": "en", "type": "reporter", "value": "davidrochester (VulDB User)"}, {"lang": "en", "type": "analyst", "value": "davidrochester (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["Tensor Model Transfer Handler"], "product": "Ollama", "versions": [{"status": "affected", "version": "0.20.0"}, {"status": "affected", "version": "0.20.1"}, {"status": "affected", "version": "0.20.2"}]}], "timeline": [{"lang": "en", "time": "2026-04-25T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-25T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-05-06T06:42:02.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/359599", "name": "VDB-359599 | Ollama Tensor Model Transfer transfer.go digestToPath path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359599/cti", "name": "VDB-359599 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/797576", "name": "Submit #797576 | Ollama v0.20.2 Information Disclosure", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-06T04:55:00.516Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7020", "state": "PUBLISHED", "dateUpdated": "2026-05-06T04:55:00.516Z", "dateReserved": "2026-04-25T11:29:26.173Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-26T04:45:11.467Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*", "matchCriteriaId": "350C7036-3B08-4921-88B4-05B75846600B", "versionEndIncluding": "0.20.2", "versionStartIncluding": "0.20.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-7020", "lastModified": "2026-05-06T06:16:08.573", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-26T05:16:02.023", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/797576"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/359599"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/vuln/359599/cti"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/797576"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "Ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler", "id": "2461894", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461894"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-22", "details": ["A flaw was found in Ollama, specifically within the Tensor Model Transfer Handler component. A remote attacker can exploit this vulnerability by manipulating the `digest` argument in the `digestToPath` function, leading to a path traversal. This allows unauthorized access to files or directories on the system. The attack is complex to execute, but a public exploit is available."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-7020", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Fix deferred", "package_name": "mta/mta-solution-server-rhel9", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}], "public_date": "2026-04-26T04:45:11Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-7020\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-7020\nhttps://vuldb.com/submit/797576\nhttps://vuldb.com/vuln/359599\nhttps://vuldb.com/vuln/359599/cti"], "statement": "This Low impact flaw in Ollama's Tensor Model Transfer Handler allows a remote attacker to perform path traversal by manipulating the `digest` argument. While a public exploit exists, the attack is characterized by high complexity, limiting its overall impact on Red Hat deployments.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.20.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.20.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.20.2"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Ollama", "source": "cna", "vendor": "n/a"}, "product": "ollama", "vendor": "ollama"}], "analysis": {"en": {"generated_at": "2026-04-28T13:27:27.187616+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest Ollama release that includes the fix for the digestToPath path traversal vulnerability.", "Restrict external access to the Tensor Model Transfer Handler by applying network segmentation or firewall rules so that only trusted hosts can contact the endpoint.", "Validate and sanitize the digest input on the server side, enforcing strict character restrictions or whitelisting and preventing the resolution of relative paths.", "If the feature is not required, disable or remove the Tensor Model Transfer Handler to eliminate the attack surface."], "summary": {"action": "Apply Patch", "impact": "Path Traversal \u2013 Arbitrary File Access"}, "threat_synthesis": {"affected_systems": "Ollama versions up to 0.20.2 are affected. Any deployment that exposes the Tensor Model Transfer Handler to external clients is at risk. No other vendors or products are listed as impacted.", "description_and_impact": "This vulnerability, identified as CWE\u201122, allows manipulation of the digest argument in the digestToPath function of Ollama\u2019s Tensor Model Transfer Handler. By supplying a crafted digest value, an attacker can cause the function to resolve paths outside the intended directory, resulting in path traversal that can read or overwrite arbitrary files on the host. The flaw is remote\u2011usable with high complexity and difficult exploitation, and a public exploit has already been released.", "risk_and_exploitability": "The CVSS score of 6.3 indicates moderate severity. The EPSS score of less than 1% and the absence from the CISA KEV catalog suggest a low likelihood of widespread exploitation at present. Nevertheless, because the vulnerability permits arbitrary file access from a remote attacker, it could be leveraged to pivot, exfiltrate data, or enable further compromise once foothold is gained. Based on the description, the likely attack vector is remote, though specific network reachability depends on the deployment configuration."}}}}, "created": "2026-04-27T18:41:59.097698+00:00", "updated": "2026-04-28T13:30:32.094345+00:00", "vendors": ["ollama", "ollama$PRODUCT$ollama"]}