NuClide Research
Most recent
navigate open esc close Corpus index built 2026-06-07 23:58 UTC

← All engagement records

Case study May 2, 2026

Malaysia Ministry of Education (EMISC): Unauthenticated Ollama Node

Bill Rondell, Nick Adams & Dade Murphy — May 2, 2026 — case study — 1 min read — 146 words
Sector
Universities
Country
moec

NuClide Research · 2026-05-02

Summary

Malaysia’s Ministry of Education Education Management Information System Centre (EMISC) exposes one Ollama node (203.172.144.85) with two models. EMISC manages the national school and education data infrastructure for Malaysia.

Infrastructure

FieldValue
IP203.172.144.85
OrgMinistry of Education - EMISC
CountryMalaysia
Ollama version0.9.6
Open port11434 (public)

Models

ModelNotes
(2 models)No system prompts recovered

Findings

F1: Government Education IT Infrastructure Exposed (HIGH)

EMISC is the IT arm of Malaysia’s Ministry of Education, responsible for national school data systems. An Ollama node on this network, accessible from the public internet without authentication, represents a misconfigured deployment on government education infrastructure.

F2: Model Injection (CRITICAL)

CVE-2025-63389 applies. Version 0.9.6 confirms no updates since early 2024.

Remediation

OLLAMA_HOST=127.0.0.1:11434
systemctl restart ollama

Disclosure

  • Discovered: 2026-05-02
  • Status: Pending outreach to Malaysia MoE EMISC