
I responsibly disclosed 5 vulnerabilities in Ollama and LiteLLM through Huntr - now publicly disclosed after 90 days
Over the past few months, I conducted security research on Ollama and LiteLLM and reported several vulnerabilities through Huntr's coordinated vulnerability disclosure program.
Following the standard 90 day disclosure period, the findings have now been publicly disclosed.
The research resulted in five reported vulnerabilities. In Ollama, I identified a GGUF String Length Panic vulnerability that could lead to denial of service, as well as an unbounded vocab_size resource exhaustion issue that could cause excessive memory and CPU consumption. In LiteLLM, I reported a Pass-the-Hash authentication bypass, an SSRF vulnerability through custom guardrails, and a Unicode normalization issue that could lead to sandbox escape scenarios. What stood out during this research was how many impactful security issues originated from areas that are often overlooked in AI infrastructure, including model parsing and conversion pipelines, resource allocation controls, authentication logic, network trust boundaries, and Unicode normalization edge cases.
The repositories contain technical details, root cause analyses, proof of concepts, impact assessments, remediation recommendations, and links to the published Huntr disclosures.
Ollama research:
https://github.com/regaan/ollama-security-research
LiteLLM research:
https://github.com/regaan/litellm-vulnerability-research
All research was conducted and disclosed responsibly. The published material is intended strictly for educational, defensive, and research purposes. I am happy to answer questions about the disclosure process, research methodology, root cause analysis, or AI and LLM security in general.