“updates in the background. striga surfaced the [ vulnerability ] chain during an audit of the ollama repository, ” striga co - founder bartłomiej dmitruk explained. cve - 2026 - 42248 is straightforward : the windows build ’ s auto - updater signature verification function exists…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1105Ingress Tool Transfer
55%
“updates in the background. striga surfaced the [ vulnerability ] chain during an audit of the ollama repository, ” striga co - founder bartłomiej dmitruk explained. cve - 2026 - 42248 is straightforward : the windows build ’ s auto - updater signature verification function exists…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1574Hijack Execution Flow
35%
“updates in the background. striga surfaced the [ vulnerability ] chain during an audit of the ollama repository, ” striga co - founder bartłomiej dmitruk explained. cve - 2026 - 42248 is straightforward : the windows build ’ s auto - updater signature verification function exists…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1105Ingress Tool Transfer
34%
“survives indefinitely. on the next login, windows runs whatever was dropped there, and there is no warning ( since the dropped file does not carry a mark - of - the - web tag ). “ the same dropped binary fires on every subsequent login until the file is removed, ” he pointed out,…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1204.002Malicious File
31%
“updates in the background. striga surfaced the [ vulnerability ] chain during an audit of the ollama repository, ” striga co - founder bartłomiej dmitruk explained. cve - 2026 - 42248 is straightforward : the windows build ’ s auto - updater signature verification function exists…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Researchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an attacker to covertly plant a persistent executable that runs on every login. CVE-2026-42248 and CVE-2026-42249 Ollama is an open-source tool for running large language models locally. It’s is used by those who don’t want their data to leave their machine and don’t want to be constrained by API costs, usage limits, or the requirement of … More →