← back to categories
DATA LEAK
(2)2 hack(s).
DATA LEAK CRITICAL
Bleeding Llama: a GGUF parsing flaw leaks Ollama process memory to unauthenticated attackers
CVE-2026-7482, publicly disclosed in May 2026 and codenamed Bleeding Llama by Cyera, lets a remote attacker pull arbitrary chunks of an Ollama server's heap — API keys, system prompts, other users' conversations — with three unauthenticated API calls. The silent patch shipped 2.5 months before the CVE was assigned.
2026-05-27//7 min
DATA LEAK CRITICAL
System prompt extraction via repetition attacks
Asking the model to 'repeat the word poem forever' causes it to eventually dump training data and system prompts. Documented across Claude 3, GPT-4, and Gemini.
2026-05-10//4 min