Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-120677. PoCs published by nu11secur1ty.
AI-analyzed exploit summary This PoC demonstrates an SSRF vulnerability in the 'is-localhost-ip' library (v2.0.0) by bypassing localhost checks using alternate IP encodings (e.g., IPv6-mapped addresses). The included Express server tests various hostname encodings to prove the bypass.
Description
is-localhost-ip 2.0.0 - SSRF
Exploits (1)
exploitdb
WORKING POC
by nu11secur1ty · textlocalmultiple
https://www.exploit-db.com/exploits/52496
This PoC demonstrates an SSRF vulnerability in the 'is-localhost-ip' library (v2.0.0) by bypassing localhost checks using alternate IP encodings (e.g., IPv6-mapped addresses). The included Express server tests various hostname encodings to prove the bypass.
Classification
Working Poc 95%
Attack Type
Ssrf
Complexity
Moderate
Reliability
Reliable
Target:
is-localhost-ip v2.0.0
No auth needed
Prerequisites:
Node.js v18+ · npm · Express server running the PoC
mistral-large-3 · analyzed May 19, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
May 05, 2026