Key Findings CVE-2026-7482 (CVSS 9.1) affects Ollama versions before 0.17.1, impacting an estimated 300,000+ servers globally Out-of-bounds read in GGUF model loader allows unauthenticated remote attackers to leak entire process memory Vulnerability enables exfiltration of API keys, environment variables, system prompts, and user conversation data Two additional Windows update flaws (CVE-2026-42248 and CVE-2026-42249) enable persistent code execution but remain unpatched Olla