Lollms Webui

1 CVEs product

CVE-2026-33340 CRITICAL POC Act Now

A critical Server-Side Request Forgery (SSRF) vulnerability exists in the LoLLMs WEBUI application, allowing unauthenticated remote attackers to force the server to make arbitrary GET requests through the `/api/proxy` endpoint. All known existing versions of lollms-webui are affected, and as of publication, no patched version is available. Attackers can exploit this to access internal services, scan local networks, or exfiltrate sensitive cloud metadata such as AWS or GCP IAM tokens.

SSRF Authentication Bypass Lollms Webui
NVD GitHub VulDB
CVSS 3.1: 9.1
EPSS: 0.0%