CVE-2024-6095

MEDIUM NUCLEI

mudler/localai < 2.17.0 - Server-Side Request Forgery and Partial Local File Inclusion via /models/apply Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-6095. PoCs published by Abdurahmon3236. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC exploits CVE-2024-6095 by sending crafted payloads to a target endpoint, leveraging SSRF and LFI techniques with obfuscation and evasion methods. It includes random delays, custom headers, and encoded payloads to bypass detection.

Description

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both http(s):// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the length of the error message. This vulnerability can be exploited by an attacker with network access to the LocalAI instance, potentially allowing unauthorized access to internal HTTP(s) servers and partial reading of local files. The issue is fixed in version 2.17.

Exploits (1)

nomisec WORKING POC

by Abdurahmon3236 · poc

https://github.com/Abdurahmon3236/-CVE-2024-6095

View Code ZIP pw:eip

This PoC exploits CVE-2024-6095 by sending crafted payloads to a target endpoint, leveraging SSRF and LFI techniques with obfuscation and evasion methods. It includes random delays, custom headers, and encoded payloads to bypass detection.

Classification

Working Poc 90%

Attack Type

Ssrf | Lfi

Complexity

Moderate

Reliability

Reliable

Target: Unknown (likely a web application with a vulnerable endpoint at /models/apply)

No auth needed

Prerequisites: Network access to the target endpoint · Python environment with requests library

MITRE ATT&CK

T1189 - Drive-by Compromise T1083 - File and Directory Discovery T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

LocalAI - Partial Local File Read

MEDIUMVERIFIEDby iamnoooob,pdresearch,rootxharsh

Shodan: http.favicon.hash:-976853304

References (2)

Core 2

Core References

Patch

https://github.com/mudler/localai/commit/2fc6fe806b903ac0a70218b21b5c84443a1b0866

View Patch ZIP pw:eip

Exploit, Third Party Advisory

https://huntr.com/bounties/4799262d-72dc-43c8-bc99-81d0dce996dc

Scores

CVSS v3 5.8

EPSS 0.0248

EPSS Percentile 82.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

mudler/localai < 2.17.0

Published Jul 06, 2024

Tracked Since Feb 18, 2026