CVE-2026-7020
Published 2026-04-26
Priority: P4 · 23 · low · CVSS 3.1: 3.7
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.91% (55.4th percentile)
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
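The class of fix this description calls for, as an added example that is not Ollama's code: a digest is checked against a strict format before it is turned into a path, and the result is confirmed to stay inside the blob directory. The function names, the `sha256:<hex>` to `sha256-<hex>` file naming, and the base path are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// digestRe accepts only "sha256:" followed by 64 lowercase hex characters.
// Assumption: blobs are keyed by SHA-256 digests written in this form.
var digestRe = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

var ErrBadDigest = errors.New("invalid digest")

// naiveDigestToPath is a constructed illustration of the unsafe pattern:
// the caller-supplied digest is joined into a path with no validation.
func naiveDigestToPath(base, digest string) string {
	return filepath.Join(base, strings.Replace(digest, ":", "-", 1))
}

// safeDigestToPath validates the digest format first, then confirms the
// joined path is still inside base as defence in depth.
func safeDigestToPath(base, digest string) (string, error) {
	if !digestRe.MatchString(digest) {
		return "", fmt.Errorf("%w: %q", ErrBadDigest, digest)
	}
	p := filepath.Join(base, strings.Replace(digest, ":", "-", 1))
	rel, err := filepath.Rel(base, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: escapes %s", ErrBadDigest, base)
	}
	return p, nil
}

func main() {
	base := "/var/lib/models/blobs" // constructed path
	good := "sha256:" + strings.Repeat("ab", 32)
	bad := "sha256:../../../etc/hostname" // constructed traversal-shaped input
	fmt.Println(naiveDigestToPath(base, bad)) // resolves outside base
	fmt.Println(safeDigestToPath(base, good))
	fmt.Println(safeDigestToPath(base, bad))
}
```

Rejecting on format alone is what closes the hole; the containment check catches a later change that loosens the pattern.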
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform-24 | lightspeed-rhel8 | — | — |
| ansible-automation-platform-25 | lightspeed-rhel8 | — | — |
| github.com | ollama_ollama | 0 – 0.20.2 | — |
| mta | mta-solution-server-rhel9 | — | — |
| ollama | ollama | — | — |
| ollama | ollama | — | — |
| ollama | ollama | — | — |
| ollama | ollama | 0.20.0 – 0.20.2 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v4.0 | 2.9 | LOW | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 6.3 | MEDIUM | — |
Red Hat
Ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler
vendor_redhat·2026-04-26·CVSS 6.3
CVE-2026-7020 [MEDIUM] CWE-22 Ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler
A flaw was found in Ollama, specifically within the Tensor Model Transfer Handler component. A remote attacker can exploit this vulnerability by manipulating the `digest` argument in the `digestToPath` function, leading to a path traversal. This allows unauthorized access to files or directories on the system. The attack is complex to execute, but a public exploit is available.
Statement: This Low impact flaw in Ollama's Tensor Model Transfer Handler allows a remote attacker to perform path traversal by manipulating the `digest` argument. While a public exploit exists, the attack is characterized by high complexity, limiting its overall impact on Red Hat deployments.
Mitigation: Mitigation for this issue is ei
GHSA
Ollama is Vulnerable to Path Traversal
ghsa·2026-04-26
CVE-2026-7020 [LOW] CWE-22 Ollama is Vulnerable to Path Traversal
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
VulDB
Ollama up to 0.20.2 Tensor Model Transfer transfer.go digestToPath digest path traversal
vuldb·2026-04-25·CVSS 6.3
CVE-2026-7020 [MEDIUM] Ollama up to 0.20.2 Tensor Model Transfer transfer.go digestToPath digest path traversal
A vulnerability categorized as critical has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal.
This vulnerability was named CVE-2026-7020. The attack may be performed from remote. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-7020 ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler [fedora-all]
bugzilla·2026-04-28·CVSS 6.3
CVE-2026-7020 [MEDIUM] CVE-2026-7020 ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-7020 python-ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler [fedora-all]
bugzilla·2026-04-28·CVSS 6.3
CVE-2026-7020 [MEDIUM] CVE-2026-7020 python-ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-7020 Ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler
bugzilla·2026-04-26·CVSS 6.3
CVE-2026-7020 [MEDIUM] CVE-2026-7020 Ollama: Ollama: Path traversal vulnerability in Tensor Model Transfer Handler
A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-26