CVE-2025-66960

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata

Published Jan 22, 2026

https://github.com/ollama/ollama/issues/9820 https://zero.shotlearni.ng/blog/cve-2025-66960guf-v1-string-length-cause-panic-in-readggufv1string/

CVSS ScoreHigh

7.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-66960

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata

Published Jan 22, 2026

https://github.com/ollama/ollama/issues/9820 https://zero.shotlearni.ng/blog/cve-2025-66960guf-v1-string-length-cause-panic-in-readggufv1string/

CVSS ScoreHigh

7.5


golang	github.com/ollama/ollama	v0.12.10

Ecosystem	Package	Version


golang	github.com/ollama/ollama	v0.12.10

Find vulnerabilities. Fix fast with AI.

CVE-2025-66960

CVE-2025-66960