PT-2026-27456 · Unknown · Lollms-Webui

Regaan · Published 2026-03-24 · Updated 2026-03-24 · CVE-2026-33340
CVSS v3.1: 9.1 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Name of the Vulnerable Software and Affected Versions
LoLLMs WEBUI (affected versions not specified)

Description
LoLLMs WEBUI provides the web user interface for Lord of Large Language and Multi modal Systems. A Server-Side Request Forgery (SSRF) issue exists in all known versions of lollms-webui. The /api/proxy endpoint allows unauthenticated attackers to make arbitrary GET requests, potentially enabling access to internal services, local network scanning, and the exfiltration of sensitive cloud metadata.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
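
With no fixed version listed, access logs are one place to check whether /api/proxy has been pointed at internal destinations. The following is an added example, not code from lollms-webui or from this advisory; it assumes a common/combined access-log format, the sample lines and the query parameter name `url` are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Request line of a common/combined access-log entry (log format is an assumption).
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"GET (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; the query parameter name "url" is hypothetical.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Mar/2026:10:01:02 +0000] "GET /api/proxy?url=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 312
203.0.113.7 - - [24/Mar/2026:10:01:05 +0000] "GET /api/proxy?url=http://10.0.0.12:8080/ HTTP/1.1" 502 0
198.51.100.4 - - [24/Mar/2026:10:02:11 +0000] "GET /api/proxy?url=https://example.org/logo.png HTTP/1.1" 200 5120
198.51.100.4 - - [24/Mar/2026:10:02:30 +0000] "GET /api/proxy?url=http://localhost:9600/ HTTP/1.1" 200 88
198.51.100.9 - - [24/Mar/2026:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

def is_internal_host(host):
    """True for loopback, private, link-local (cloud metadata) or reserved hosts."""
    if not host:
        return False
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # ordinary DNS name: would need resolution to classify, not done here
    return not addr.is_global

def find_internal_proxy_requests(log_text, path="/api/proxy"):
    """Return (client, destination) pairs for proxy requests aimed at internal hosts."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        if target.path.rstrip("/") != path:
            continue
        # The real parameter name is not given on the page, so inspect every query value.
        for _name, value in parse_qsl(target.query):
            dest = urlsplit(value)
            if dest.scheme in ("http", "https") and is_internal_host(dest.hostname):
                hits.append((m.group("client"), value))
    return hits

if __name__ == "__main__":
    for client, dest in find_internal_proxy_requests(SAMPLE_LOG):
        print(f"{client} -> {dest}")
```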

Exploit

Missing Authentication

SSRF

Weakness Enumeration

Related Identifiers: CVE-2026-33340

Affected Products: Lollms-Webui