CVE-2026-33340: CWE-306: Missing Authentication for Critical Function in ParisNeo lollms-webui
CVE-2026-33340 is a critical Server-Side Request Forgery (SSRF) vulnerability in the lollms-webui component of ParisNeo's Lord of Large Language and Multi modal Systems. The vulnerability exists in the /api/proxy POST endpoint, which lacks authentication, allowing unauthenticated attackers to make arbitrary GET requests from the server. This can lead to unauthorized access to internal services, local network scanning, and exfiltration of sensitive cloud metadata such as AWS or GCP IAM tokens. No patches are currently available, and the vulnerability has a high CVSS score of 9.1, indicating severe impact on confidentiality and integrity without requiring authentication or user interaction. Organizations using affected versions are at significant risk of data breaches and internal network compromise. Immediate mitigation involves restricting access to the vulnerable endpoint, implementing network-level controls, and monitoring for suspicious outbound requests. Countries with significant cloud infrastructure adoption and AI research investments are most likely to be targeted.
AI Analysis
Technical Summary
CVE-2026-33340 identifies a critical vulnerability in ParisNeo's lollms-webui, a web user interface for managing large language and multimodal AI systems. The vulnerability is a Server-Side Request Forgery (SSRF) flaw located in the /api/proxy POST endpoint, which does not require any authentication (CWE-306: Missing Authentication for Critical Function). This endpoint allows attackers to coerce the server into making arbitrary HTTP GET requests to internal or external resources. Exploiting this flaw, attackers can access internal services that are not exposed externally, perform reconnaissance by scanning local network resources, and extract sensitive cloud metadata such as AWS or GCP IAM tokens, which can lead to further privilege escalation and data exfiltration. The vulnerability affects all known versions up to commit 8c5dcef63d847bb3d027ec74915d8fe4afd3014e, with no patches currently available. The CVSS v3.1 score is 9.1 (critical), reflecting the ease of exploitation (no authentication or user interaction required), and the high impact on confidentiality and integrity. While no known exploits are currently observed in the wild, the potential for severe damage is significant given the nature of the affected systems and the sensitive data at risk.
Potential Impact
The impact of CVE-2026-33340 is substantial for organizations using ParisNeo's lollms-webui, especially those deploying it in cloud environments or within sensitive internal networks. Successful exploitation can lead to unauthorized access to internal services, which may include databases, administrative interfaces, or other critical infrastructure components. Attackers can leverage the SSRF to perform lateral movement within the network, escalate privileges by stealing cloud IAM tokens, and exfiltrate sensitive data. This compromises confidentiality and integrity of organizational data and systems. Additionally, the lack of authentication means any external attacker with network access to the web UI can exploit this vulnerability, increasing the attack surface. The absence of patches further exacerbates the risk, leaving organizations exposed until mitigations are applied. The vulnerability could also be used as a foothold for more complex attacks, including ransomware or espionage campaigns.
Mitigation Recommendations
Given the absence of official patches, organizations should implement immediate compensating controls. First, restrict access to the lollms-webui /api/proxy endpoint by enforcing network-level restrictions such as IP whitelisting or VPN-only access. Deploy web application firewalls (WAFs) with custom rules to detect and block suspicious SSRF payloads targeting internal IP ranges or cloud metadata endpoints (e.g., 169.254.169.254). Implement strict egress filtering on servers hosting lollms-webui to prevent unauthorized outbound HTTP requests to internal or cloud metadata services. Monitor logs for unusual outbound requests or proxy usage patterns indicative of SSRF exploitation attempts. If feasible, disable or remove the vulnerable /api/proxy endpoint until a patch is available. Engage with ParisNeo for updates on patch releases and apply them promptly once available. Additionally, review cloud IAM roles and metadata service configurations to minimize the impact of potential token exposure, such as using instance profiles with least privilege and metadata service access restrictions.
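A destination check of the kind the compensating controls above call for, as an added example rather than code from lollms-webui or its maintainers: it refuses proxy targets that are internal, loopback, link-local (including 169.254.169.254) or non-HTTP before anything is fetched. The function names, the resolver parameter and the sample DNS table are assumptions constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed sample DNS table so the check can run offline; not real records
SAMPLE_DNS = {
    "public.example": {"93.184.216.34"},
    "rebind.example": {"93.184.216.34", "10.0.0.5"},  # mixed public/private
    "meta-alias.example": {"169.254.169.254"},        # alias for the metadata IP
}

def system_resolve(host):
    """All addresses for host from the OS resolver; raises OSError on failure."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def sample_resolve(host):
    """Offline resolver backed by SAMPLE_DNS; unknown names raise OSError."""
    if host not in SAMPLE_DNS:
        raise OSError(f"no such host: {host}")
    return SAMPLE_DNS[host]

def _as_ip(text):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:169.254.169.254)."""
    ip = ipaddress.ip_address(text)
    return ip.ipv4_mapped if ip.version == 6 and ip.ipv4_mapped else ip

def is_safe_proxy_target(url, resolve=system_resolve):
    """Return (allowed, reason). Only plain http(s) to globally routable
    addresses passes; loopback, RFC 1918, link-local (which covers the
    169.254.169.254 metadata endpoint) and their IPv6 forms are refused."""
    try:
        parsed = urlparse(url)
    except ValueError:
        return False, "unparseable url"
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parsed.scheme!r}"
    host = parsed.hostname
    try:
        try:
            addrs = {str(ipaddress.ip_address(host))}  # literal address, no DNS
        except ValueError:
            addrs = resolve(host)
        ips = [_as_ip(a) for a in addrs]
    except (OSError, ValueError):
        return False, "unresolvable host"
    for ip in ips:  # every resolved address must pass, not just the first
        if not ip.is_global:
            return False, f"non-global address {ip}"
    return True, "ok"
```

Validating the destination this way complements, not replaces, putting the endpoint behind authentication, which is the CWE-306 root cause. The proxy should also fetch with redirects disabled (or re-check each hop), since a permitted host can otherwise redirect to an internal address.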
Affected Countries
United States, Germany, United Kingdom, Canada, France, Japan, South Korea, Australia, Netherlands, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-18T22:15:11.813Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69c2bc3ff4197a8e3b4e78c2
Added to database: 3/24/2026, 4:30:55 PM
Last enriched: 3/24/2026, 4:46:20 PM
Last updated: 3/24/2026, 5:44:12 PM