Regaan

**Name of the Vulnerable Software and Affected Versions** LoLLMs WEBUI (affected versions not specified) **Description** LoLLMs WEBUI, the web user interface for Lord of Large Language and Multi modal Systems, contains a Server-Side Request Forgery (SSRF) issue. An unauthenticated attacker can exploit this to force the server to make arbitrary GET requests via the `/api/proxy` endpoint. This could allow access to internal services, scanning of local networks, and potential exfiltration of sensitive cloud metadata, such as AWS or GCP IAM tokens. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.