Ollama Windows Auto-Updater Vulnerabilities Enable Persistent Remote Code Execution
Tags: AI · OSS · Developer Tools
Researchers at Striga disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama's Windows auto-updater that, when chained together, may allow an attacker to covertly plant a persistent executable that runs on every login. Ollama is an open-source tool for running large language models locally, used by developers who want to keep data on-premise and avoid API costs.
Technical significance
Ollama's popularity among developers running local LLMs makes it a high-impact target. The auto-updater attack vector is particularly dangerous because users expect updaters to have elevated privileges. The persistence mechanism (running on every login) means the compromise survives reboots, making it difficult to detect and remove.