## Ollama Embedding Client Exposes SSRF Risk via Unvalidated OLLAMA_URL Environment Variable
A medium-severity SSRF vulnerability has been reported in the Ollama embedding client: the process trusts the `OLLAMA_URL` environment variable as-is, so anyone who can set that variable can make the server send requests to hosts of their choosing on its internal network. The flaw resides in `src/infrastructure/embeddings/ollama.ts`, where `OLLAMA_URL` is read directly, without validation, and used to construct a fetch request to the `/api/embed` endpoint. An attacker who controls the variable can therefore redirect the client's requests to internal services such as cloud metadata endpoints. The precondition matters when triaging: the attacker needs write access to the process environment (a container spec, a CI job definition, a `.env` file, an orchestrator's config), so this is a hardening issue for deployments where the environment is less trusted than the code rather than a bug reachable from outside on its own.

The two lines the report cites (10 and 19) show `baseUrl` set directly from `process.env.OLLAMA_URL` with a default fallback, and a fetch call to `${this.baseUrl}/api/embed`. If `OLLAMA_URL` is set to `http://169.254.169.254/latest/meta-data/`, the client sends its request to the AWS instance metadata service (the resulting URL is `http://169.254.169.254/latest/meta-data//api/embed`, since the client appends its own path), a classic SSRF target. The fixed `/api/embed` suffix limits which paths an attacker can reach, but the host and port are entirely under their control, which is enough to probe internal services and, depending on how the client surfaces fetch errors and response bodies (the report does not say), to learn what is listening. The report assigns a CVSS score of 5.5, a medium rating that warrants attention but not emergency handling.

The report sets a remediation deadline within the current month. The recommended fix is strict validation of the URL before use: accept only the `http:` and `https:` schemes, allowlist the hosts the client is permitted to contact, and reject private, loopback, link-local and other internal IP ranges. Two caveats apply when implementing it. Ollama listens on port 11434 on the local host by default, so loopback must be an explicit, opt-in allowlist entry rather than an unconditional block, or the fix breaks the default deployment. And a check on the hostname string says nothing about what a DNS name resolves to; for allowlisted names, resolve the address at request time and apply the same range checks, otherwise the protection can be bypassed through DNS rebinding or a rogue resolver. The finding underscores the persistent risk of SSRF in applications that blindly trust user- or environment-supplied URLs for backend service calls.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: SSRF, Vulnerability, Code Security, Ollama, Embeddings
- **Credibility**: unverified
- **Published**: 2026-04-06 10:27:09
- **ID**: 51276
- **URL**: https://whisperx.ai/en/intel/51276