Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: ollama

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-7020
5.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
updated 4 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 10 hours ago
  • @LeSuisse ignored
    22 packages
    • gollama
    • ollama-cpu
    • nextjs-ollama-llm-ui
    • python312Packages.ollama
    • python313Packages.ollama
    • python314Packages.ollama
    • python312Packages.llm-ollama
    • python313Packages.llm-ollama
    • python314Packages.llm-ollama
    • haskellPackages.ollama-haskell
    • gnomeExtensions.ollama-indicator
    • python312Packages.langchain-ollama
    • python313Packages.langchain-ollama
    • python314Packages.langchain-ollama
    • home-assistant-component-tests.ollama
    • tests.home-assistant-components.ollama
    • python312Packages.llama-index-llms-ollama
    • python313Packages.llama-index-llms-ollama
    • python312Packages.llama-index-embeddings-ollama
    • python313Packages.llama-index-embeddings-ollama
    • pkgsRocm.python3Packages.llama-index-llms-ollama
    • pkgsRocm.python3Packages.llama-index-embeddings-ollama
    5 hours ago
  • @LeSuisse restored package ollama-cpu 5 hours ago
  • @LeSuisse ignored
    3 references
    5 hours ago
  • @LeSuisse accepted 5 hours ago
  • @LeSuisse published on GitHub 4 hours ago
Ollama Tensor Model Transfer transfer.go digestToPath path traversal

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Ollama
  • ==0.20.1
  • ==0.20.2
  • ==0.20.0

Matching in nixpkgs

pkgs.ollama-cuda

Get up and running with large language models locally, using CUDA for NVIDIA GPU acceleration

pkgs.ollama-rocm

Get up and running with large language models locally, using ROCm for AMD GPU acceleration

pkgs.ollama-vulkan

Get up and running with large language models locally, using Vulkan for generic GPU acceleration

Ignored packages (21)

pkgs.gnomeExtensions.ollama-indicator

An indicator that let you run models with Ollama.

  • nixos-unstable 8
    • nixpkgs-unstable 8
    • nixos-unstable-small 8
  • nixos-25.11 8
    • nixos-25.11-small 8
    • nixpkgs-25.11-darwin 8

Package maintainers

PoC: https://github.com/davidrxchester/CVE-2026-7020