What is CVE-2026-42248?

CVE-2026-42248 is a critical-severity vulnerability in Microsoft Windows, classified under Download of Code Without Integrity Check. CVSS score: 9.8/10. Published 2026-04-29.

How severe is CVE-2026-42248?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Microsoft Windows

CVE-2026-42248

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digita…

EPSS: 0.000 (14.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Microsoft Windows
Ollama — versions 0.12.10

Weakness classification (CWE)

CWE-494 — Download of Code Without Integrity Check

References

cvd@cert.pl (Third Party Advisory, third-party-advisory)
cvd@cert.pl (Product, product)

Frequently asked questions

What is CVE-2026-42248?: CVE-2026-42248 is a critical-severity vulnerability in Microsoft Windows, classified under Download of Code Without Integrity Check. CVSS score: 9.8/10. Published 2026-04-29.
How severe is CVE-2026-42248?: Critical severity. CVSS v3 base score is 9.8 out of 10.