Medium

localai

Resource, Credit, and Disk Space Exhaustion via CSRF

A Cross-Site Request Forgery (CSRF) vulnerability in LocalAI version 2.7.0 allows attackers to craft malicious webpages that, when visited by a victim, make unauthorized API calls to the victim's LocalAI instance. This can lead to resource exhaustion, credit depletion, and disk space filling. The vulnerability is structural: the application has no CSRF tokens or other mitigations. The available information does not specify a patch.

Available publicly on Apr 01 2024

CVSS: 6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Threat Overview

The CSRF vulnerability in LocalAI allows attackers to perform unauthorized actions on behalf of a victim without their consent. By crafting a malicious webpage that automatically submits a form to the LocalAI instance running on the victim's machine, attackers can trigger resource-intensive operations. These operations include generating a large number of images, making calls to credit-consuming models, and uploading files to fill disk space. The lack of CSRF tokens or other mitigations in the application makes it vulnerable to such attacks.

Attack Scenario

An attacker creates a webpage containing a hidden form that is automatically submitted when a victim visits the page. This form is crafted to make POST requests to the victim's LocalAI instance, triggering actions such as image generation or model loading. Since the request appears to come from the victim's own browser, LocalAI processes it as a legitimate request, leading to resource exhaustion, credit depletion, or disk space filling without the victim's knowledge.
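A server-side check that refuses the request shape described above, written in Go as an added example; it is not LocalAI's code or its fix. The names `allowWrite` and `guard`, the `trusted` map and the sample hosts are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// allowWrite decides whether a request may reach a state-changing handler.
// trusted holds extra origins (scheme://host[:port]) allowed to call the API.
func allowWrite(method, host, origin, fetchSite string, trusted map[string]bool) bool {
	switch method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return true // safe methods; handlers must not change state on these
	}
	if trusted[origin] {
		return true
	}
	// Browsers label the initiator: a form auto-submitted by another site is
	// "cross-site", another port on the same host is "same-site". Both are
	// refused unless trusted. curl and SDK clients send no such header.
	if fetchSite != "" && fetchSite != "same-origin" && fetchSite != "none" {
		return false
	}
	if origin == "" {
		return true // non-browser client; API-key auth is a separate control
	}
	u, err := url.Parse(origin) // "null" (sandboxed page) parses to an empty host
	return err == nil && u.Host != "" && u.Host == host
}

// guard wraps the API handler with the check above (hypothetical wiring).
func guard(trusted map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		o, s := r.Header.Get("Origin"), r.Header.Get("Sec-Fetch-Site")
		if !allowWrite(r.Method, r.Host, o, s, trusted) {
			http.Error(w, "cross-origin request refused", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed cases: a form posted from another site, then a curl-style call.
	fmt.Println(allowWrite("POST", "localhost:8080", "https://evil.example", "cross-site", nil))
	fmt.Println(allowWrite("POST", "localhost:8080", "", "", nil))
}
```

The check relies on headers that page script cannot set or remove, so it covers multipart uploads as well as JSON calls without requiring a token in every client.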

Who is affected

Any user running an unpatched version of LocalAI (version 2.7.0) without CSRF protections is vulnerable to this attack. The attack can be carried out without direct network access to the victim's environment, making any user who visits a malicious webpage a potential victim.
