EIP-2026-120677

PRE-CVE

is-localhost-ip 2.0.0 - SSRF

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-120677. PoCs published by nu11secur1ty.

AI-analyzed exploit summary This PoC demonstrates an SSRF vulnerability in the 'is-localhost-ip' library (v2.0.0) by bypassing localhost checks using alternate IP encodings (e.g., IPv6-mapped addresses). The included Express server tests various hostname encodings to prove the bypass.

Description

is-localhost-ip 2.0.0 - SSRF

Exploits (1)

exploitdb WORKING POC
by nu11secur1ty · textlocalmultiple
https://www.exploit-db.com/exploits/52496

This PoC demonstrates an SSRF vulnerability in the 'is-localhost-ip' library (v2.0.0) by bypassing localhost checks using alternate IP encodings (e.g., IPv6-mapped addresses). The included Express server tests various hostname encodings to prove the bypass.

Classification
Working Poc 95%
Attack Type
Ssrf
Complexity
Moderate
Reliability
Reliable
Target: is-localhost-ip v2.0.0
No auth needed
Prerequisites: Node.js v18+ · npm · Express server running the PoC
mistral-large-3 · analyzed May 19, 2026 Full analysis →

Details

Status pre_cve
Tracked Since May 05, 2026