CNNVD-202601-4198 Information
Jan 23, 2026
cve
CNNVD ID
CNNVD-202601-4198
Related CVE
- CNNVD Published: 2026-01-23
Description (Chinese)
Ollama MCP Server是Ollama开源的一个基于大模型上下文协议的服务端组件。 Ollama MCP Server存在操作系统命令注入漏洞,该漏洞源于execAsync方法缺少对用户提供字符串的验证,可能导致远程代码执行。
Description (English)
Ollama MCP Server is a service-end component based on a large-model context protocol from Ollama Open Source. Ollama MCP Server has an operational system command to inject a loophole, which stems from the lack of the execAsync method to provide a string validation to the user, which may lead to remote code execution.
Hazard Level
Low
Vulnerability Type
操作系统命令注入
Affected Vendor
Ollama
Published
2026-01-23
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-26-020/
Patch
https://github.com/ollama/ollama/releases
Share on: