EIP-2026-103791

PRE-CVE

ollama 0.6.4 - Server Side Request Forgery (SSRF)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103791. PoCs published by sud0.

AI-analyzed exploit summary This script exploits an SSRF vulnerability in ollama <=0.6.4 by sending a crafted request to the API endpoint to probe internal ports. It checks for connection status by analyzing error messages returned from the server.

Description

ollama 0.6.4 - Server Side Request Forgery (SSRF)

Exploits (1)

exploitdb SCANNER

by sud0 · pythonlocalmultiple

https://www.exploit-db.com/exploits/52116

View Code ZIP pw:eip

This script exploits an SSRF vulnerability in ollama <=0.6.4 by sending a crafted request to the API endpoint to probe internal ports. It checks for connection status by analyzing error messages returned from the server.

Classification

Scanner 95%

Attack Type

Ssrf

Complexity

Moderate

Reliability

Reliable

Target: ollama <=0.6.4

No auth needed

Prerequisites: Access to the ollama API endpoint · Network connectivity to the target IP and port

MITRE ATT&CK

T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026