CVE-2026-33340

Name of the Vulnerable Software and Affected Versions LoLLMs WEBUI (affected versions not specified)

Description LoLLMs WEBUI, the web user interface for Lord of Large Language and Multi modal Systems, contains a Server-Side Request Forgery (SSRF) issue. An unauthenticated attacker can exploit this to force the server to make arbitrary GET requests via the /api/proxy endpoint. This could allow access to internal services, scanning of local networks, and potential exfiltration of sensitive cloud metadata, such as AWS or GCP IAM tokens.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.