CVE-2026-5530

MEDIUM

Ollama Model Pull API download.go server-side request forgery

Title source: cna

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-5530. PoCs published by adminlove520, davidrxchester.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-5530, an SSRF vulnerability in Ollama that allows full response exfiltration via OCI registry redirect. The PoC includes three modes: enumeration, exfiltration, and probing for response size.

Description

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (2)

github WORKING POC 3 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2026/CVE-2026-5530

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2026-5530, an SSRF vulnerability in Ollama that allows full response exfiltration via OCI registry redirect. The PoC includes three modes: enumeration, exfiltration, and probing for response size.

Classification

Working Poc 95%

Attack Type

Ssrf

Complexity

Moderate

Reliability

Reliable

Target: Ollama

No auth needed

Prerequisites: attacker-controlled registry host reachable by Ollama · knowledge of internal endpoints or response size for exfiltration

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed May 05, 2026 Full analysis →

nomisec WORKING POC

by davidrxchester · poc

https://github.com/davidrxchester/CVE-2026-5530

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2026-5530, an SSRF vulnerability in Ollama that allows response exfiltration via OCI registry redirect. The PoC includes three modes: enumeration, exfiltration, and probing for response size.

Classification

Working Poc 95%

Attack Type

Ssrf

Complexity

Moderate

Reliability

Reliable

Target: Ollama (version not specified)

No auth needed

Prerequisites: attacker-controlled registry host reachable by Ollama · knowledge of internal endpoints or response size for exfiltration

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Apr 10, 2026 Full analysis →

References (3)

Core 3

Core References

Vdb Entry vdb-entry

VDB-355283 | Ollama Model Pull API download.go server-side request forgery

https://vuldb.com/vuln/355283

Signature, Permissions Required signature permissions-required

VDB-355283 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/355283/cti

Third Party Advisory third-party-advisory

Submit #782107 | Ollama 18.1 and previous Server-Side Request Forgery

https://vuldb.com/submit/782107

Scores

CVSS v3 6.3

EPSS 0.0029

EPSS Percentile 20.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (2)

None/Ollama 18.0

None/Ollama 18.1

Published Apr 05, 2026

Tracked Since Apr 05, 2026