Cyber Posture

CVE-2026-33340

CriticalPublic PoC

Published: 24 March 2026

Published
24 March 2026
Modified
20 April 2026
KEV Added
Patch
CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0919 92.7th percentile
Risk Priority 24 60% EPSS · 20% KEV · 20% CVSS

Description

LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in all known existing versions of `lollms-webui`. The `@router.post("/api/proxy")` endpoint allows unauthenticated attackers to…

more

force the server into making arbitrary GET requests. This can be exploited to access internal services, scan local networks, or exfiltrate sensitive cloud metadata (e.g., AWS/GCP IAM tokens). As of time of publication, no known patched versions are available.

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Enforces authentication and authorization on the unauthenticated /api/proxy endpoint to block attackers from initiating arbitrary server-side GET requests.

SI-10 Information Input Validation good match
prevent

Validates and sanitizes user-supplied URLs or parameters in the proxy endpoint to prevent SSRF exploitation forcing requests to internal services or cloud metadata.

SC-7 Boundary Protection good match
prevent

Monitors and controls outbound communications at system boundaries to block SSRF-induced access to local networks, internal services, or sensitive metadata endpoints.

Security SummaryAI

CVE-2026-33340 is a critical Server-Side Request Forgery (SSRF) vulnerability affecting all known versions of lollms-webui, the web user interface for Lord of Large Language and Multi-modal Systems (LoLLMs). The issue stems from the `@router.post("/api/proxy")` endpoint, which allows unauthenticated attackers to force the server to make arbitrary GET requests. It has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-306 (Missing Authentication for Critical Function) and CWE-918 (Server-Side Request Forgery).

Unauthenticated attackers can exploit this vulnerability remotely with low complexity and no user interaction or privileges required. Successful exploitation enables attackers to access internal services, scan local networks, or exfiltrate sensitive cloud metadata, such as AWS or GCP IAM tokens, leading to high impacts on confidentiality and integrity.

The GitHub security advisory (GHSA-mcwr-5469-pxj4) confirms the vulnerability in the lollms-webui codebase and states that, as of the CVE publication on March 24, 2026, no patched versions are available. Security practitioners should monitor the repository for updates and consider network segmentation or disabling the proxy endpoint until remediation is released.

Details

CWE(s)
CWE-306CWE-918

Affected Products

lollms
lollms web ui
all versions

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1046 Network Service Discovery Discovery
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
attack.mitre.org →
T1552.005 Cloud Instance Metadata API Credential Access
Adversaries may attempt to access the Cloud Instance Metadata API to collect credentials and other sensitive data.
attack.mitre.org →
Why these techniques?

SSRF vulnerability in unauthenticated public-facing /api/proxy endpoint directly enables exploitation of public-facing application (T1190), facilitates internal network service discovery via local network scanning (T1046), and exfiltration of cloud instance metadata credentials such as IAM tokens (T1552.005).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References