CVE-2026-7020 — Path Traversal in Lightspeed-rhel8

CWE-22 — Path Traversal6 documents4 sources

Severity

6.3MEDIUMNVD

EPSS

0.0%

top 94.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ansible-automation-platform-24 Lightspeed-rhel8 Ansible-automation-platform-25 Lightspeed-rhel8 MTA Mta-solution-server-rhel9

Timeline

PublishedApr 26

Latest updateApr 28

Description

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early abo…

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶Red Hatmta/mta-solution-server-rhel9

▶Red Hatansible-automation-platform-24/lightspeed-rhel8

▶Red Hatansible-automation-platform-25/lightspeed-rhel8

🔴Vulnerability Details

VulDB

Ollama up to 0.20.2 Tensor Model Transfer transfer.go digestToPath digest path traversal↗2026-04-25

▶

📋Vendor Advisories

Red Hat

Ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler↗2026-04-26

▶

💬Community

Bugzilla

CVE-2026-7020 ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler [fedora-all]↗2026-04-28

▶

Bugzilla

CVE-2026-7020 python-ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler [fedora-all]↗2026-04-28

▶

Bugzilla

CVE-2026-7020 Ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler↗2026-04-26

▶