Critical Unauthenticated Memory Leak Found in Ollama: "Bleeding Llama"
Original: Bleeding Llama: Critical Unauthenticated Memory Leak in Ollama
What Is Bleeding Llama?
Security research firm Cyera has disclosed a critical vulnerability in Ollama dubbed "Bleeding Llama" — an unauthenticated memory leak that can allow remote access to server memory without any credentials. The disclosure generated significant concern in the r/LocalLLaMA community.
The Risk
Ollama is a widely used tool for running local LLMs via a REST API server. While its default configuration restricts access to localhost, many users expose Ollama to local networks or public servers for team use. In those configurations, Bleeding Llama could allow an attacker to read server memory and extract conversation history, API keys, model weights in transit, or other sensitive data.
What to Do
Users running Ollama on any network-exposed setup should update to the latest patched version immediately. Verify that firewall rules block external access to Ollama's default port (11434). Cyera's full research report contains technical details of the vulnerability and the attack vector. As local LLM deployment becomes more common in team and production environments, vulnerabilities like this serve as a reminder that security hardening is not optional.