CVE-2026-7020 | Ollama up to 0.20.2 Tensor Model Transfer transfer.go digestToPath digest path traversal

A vulnerability categorized as critical has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal.

This vulnerability was named CVE-2026-7020. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More