CVE-2026-33340
Published: 24 March 2026
Summary
CVE-2026-33340 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Lollms Lollms Web Ui. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces authentication and authorization on the unauthenticated /api/proxy endpoint to block attackers from initiating arbitrary server-side GET requests.
Validates and sanitizes user-supplied URLs or parameters in the proxy endpoint to prevent SSRF exploitation forcing requests to internal services or cloud metadata.
Monitors and controls outbound communications at system boundaries to block SSRF-induced access to local networks, internal services, or sensitive metadata endpoints.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF vulnerability in unauthenticated public-facing /api/proxy endpoint directly enables exploitation of public-facing application (T1190), facilitates internal network service discovery via local network scanning (T1046), and exfiltration of cloud instance metadata credentials such as IAM tokens (T1552.005).
NVD Description
LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in all known existing versions of `lollms-webui`. The `@router.post("/api/proxy")` endpoint allows unauthenticated attackers to…
more
force the server into making arbitrary GET requests. This can be exploited to access internal services, scan local networks, or exfiltrate sensitive cloud metadata (e.g., AWS/GCP IAM tokens). As of time of publication, no known patched versions are available.
Deeper analysisAI
CVE-2026-33340 is a critical Server-Side Request Forgery (SSRF) vulnerability affecting all known versions of lollms-webui, the web user interface for Lord of Large Language and Multi-modal Systems (LoLLMs). The issue stems from the `@router.post("/api/proxy")` endpoint, which allows unauthenticated attackers to force the server to make arbitrary GET requests. It has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-306 (Missing Authentication for Critical Function) and CWE-918 (Server-Side Request Forgery).
Unauthenticated attackers can exploit this vulnerability remotely with low complexity and no user interaction or privileges required. Successful exploitation enables attackers to access internal services, scan local networks, or exfiltrate sensitive cloud metadata, such as AWS or GCP IAM tokens, leading to high impacts on confidentiality and integrity.
The GitHub security advisory (GHSA-mcwr-5469-pxj4) confirms the vulnerability in the lollms-webui codebase and states that, as of the CVE publication on March 24, 2026, no patched versions are available. Security practitioners should monitor the repository for updates and consider network segmentation or disabling the proxy endpoint until remediation is released.
Details
- CWE(s)