CVE-2026-33626
HIGH · 7.5 · Patch exists; "in the wild" claims unsubstantiated; no KEV, no confirmed PoC, amplified social panic.
What: Server-Side Request Forgery (SSRF) in LMDeploy's load_image() function (vision-language module) allowing unauthenticated access to cloud metadata and internal networks. CVSS 7.5 HIGH.
Why it matters: Patch available (v0.12.3 released 2026-04-20), but not KEV-listed yet. Social chatter claims "in the wild" exploitation within 13 hours of disclosure—however, this claim lacks credible PoC links or defender triage reports. LLM inference pipelines handling untrusted image URLs are at risk if unpatched.
Where it's seen: Viral alarm posts on X and Bluesky repeating "exploited in the wild" headline; no public PoC repo, no vendor emergency advisory beyond normal patch release, no CISA KEV listing yet.
RISK: HIGH — SSRF to metadata/internal networks in production LLM infrastructure; patch available but adoption unclear.
GitHub repos referencing the CVE: 5 (none is an exploit PoC; the matches are a static-analysis tool, an incident timeline and news feeds)
- elicpeter/nyx ★ 19 · Rust
Multi-language static analysis with cross-file taint tracking. Scan your repo, triage findings in your browser, commit triage state with your code. No cloud, no account.
- webpro255/awesome-ai-agent-attacks ★ 10
A curated timeline of real AI agent security incidents, breaches, and vulnerabilities (2024-2026). Every entry sourced and dated.
- kymotsujason/cybersec-daily ★ 0
Just some cybersecurity news
- cerealcoders/runwayzero ★ 0 · HTML
An AI-Powered Vulnerability Impact Agent
- baba-yu/news ★ 0
Articles & coverage (15 articles)
- LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving large language models (LLMs), has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as **CVE-2026-33626** (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensi
- CVE-2026-33626 - LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
CVE-2026-33626. LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading. LMDeploy is a toolkit for compressing, deploying, and serving large language models. The following products are affected by `CVE-2026-33626` vulnerability. Even if `cvefeed.io` is aware of the exact versions of the products that are affected, the information is not represented i
- CVE-2026-33626 Exploited in 13 Hours: Patch Immediately - LinkedIn
LMDeploy CVE-2026-33626 got exploited fast. Really fast. Attackers moved within 13 hours of public disclosure. Shows how quickly threat
- LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of ...
CVE-2026-33626 exploited within 13 hours of disclosure, enabling SSRF-based cloud credential theft and internal scanning.
- CVE-2026-33626 Explained #cybersecurity #AIsecurity ... - YouTube
CVE-2026-33626 is a high-severity SSRF vulnerability in LMDeploy, an open-source toolkit used to deploy and serve large language models.
NVD details (1 CWE · 1 vendor · 5 refs)
Description
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.
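The description above names the defect (a caller-supplied URL is fetched without checking where its host resolves) but says nothing about what a correct gate looks like. The block below is an added example for this page, not LMDeploy's code and not a reproduction of the 0.12.3 patch: it shows the allow/deny check an inference service would place in front of such a fetch, including the cases a naive "is it 169.254.169.254?" string match misses (names that resolve internally, IPv4-mapped IPv6 literals, credentials in the URL, non-http schemes, and fail-closed handling of anything that cannot be parsed or resolved). The function names (`check_image_url`, `ip_is_blocked`, `system_resolver`), the blocked-range list, and the `FAKE_DNS` fixture with its hostnames and addresses are all constructed for the example.

```python
"""Added example (not LMDeploy's code): an SSRF gate for caller-supplied image URLs.

All names, the blocked ranges and the DNS fixture below are constructed for
this illustration; they are not taken from the project or the patch.
"""
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Iterable, Optional, Union
from urllib.parse import urlparse

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
Resolver = Callable[[str], Iterable[str]]

# Destinations an inference server must never fetch on a caller's behalf.
# The cloud metadata endpoint 169.254.169.254 sits inside the link-local block.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "64:ff9b::/96", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def ip_is_blocked(ip: IPAddress) -> bool:
    """True if ip lies in a blocked range; IPv4-mapped IPv6 is unwrapped first."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def system_resolver(host: str) -> list:
    """Every A/AAAA answer for host via the OS resolver (needs network access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


@dataclass
class UrlDecision:
    allowed: bool
    reason: str
    pinned_ip: Optional[str] = None  # connect to this address, not a fresh lookup


def check_image_url(url: str, resolver: Resolver = system_resolver,
                    allowed_schemes=("http", "https")) -> UrlDecision:
    """Decide whether url may be fetched. Fails closed on any parse/resolve error."""
    try:
        parsed = urlparse(url)
    except ValueError as e:  # e.g. malformed IPv6 literal
        return UrlDecision(False, f"unparseable URL: {e}")
    if parsed.scheme not in allowed_schemes:
        return UrlDecision(False, f"scheme {parsed.scheme!r} not allowed")
    host = parsed.hostname
    if not host:
        return UrlDecision(False, "no host in URL")
    if parsed.username or parsed.password:
        return UrlDecision(False, "credentials embedded in URL")
    # Literal address: check it directly. Name: check *every* address it maps to,
    # so a name with one public and one internal answer is rejected.
    try:
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addrs = list(resolver(host))
        except (socket.gaierror, OSError) as e:
            return UrlDecision(False, f"resolution failed for {host!r}: {e}")
    if not addrs:
        return UrlDecision(False, f"{host!r} resolved to no addresses")
    for a in addrs:
        try:
            ip = ipaddress.ip_address(a)
        except ValueError:
            return UrlDecision(False, f"resolver returned unparseable {a!r}")
        if ip_is_blocked(ip):
            return UrlDecision(False, f"{host} -> {a} is in a blocked range")
    return UrlDecision(True, "ok", pinned_ip=addrs[0])


# Constructed DNS fixture so the example runs offline; these are not real records.
FAKE_DNS = {
    "img.example.com": ["203.0.113.10"],
    "localhost": ["127.0.0.1"],
    # a name whose answer set includes an internal address (rebinding / split horizon)
    "rebind.example.com": ["203.0.113.10", "169.254.169.254"],
}


def fake_resolver(host: str) -> list:
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    raise socket.gaierror(f"no record for {host}")


if __name__ == "__main__":
    for u in ("https://img.example.com/cat.png",
              "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:169.254.169.254]/",
              "http://rebind.example.com/x.png",
              "http://localhost:8000/x.png",
              "file:///etc/passwd",
              "http://2130706433/"):
        print(f"{u:45} {check_image_url(u, fake_resolver)}")
```

Two things the check cannot do on its own: the fetch must connect to `pinned_ip` (sending the original hostname in the Host header and SNI) rather than resolving the name a second time, or a short-TTL record can rebind between check and fetch; and every redirect hop must go back through `check_image_url`, since a public host that 302s to the metadata address is the usual bypass. Where the deployment allows it, an egress allowlist of image origins, or a network policy that denies 169.254.169.254 from the inference pods, is the stronger control and does not depend on getting URL parsing right.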
Top posts driving the trend
@UndercodeUpdateX · 5/3/2026🚨 #AI INFRA UNDER FIRE: #CVE-2026-33626 SSRF Exploited in the Wild Within 13 Hours—Is Your LLM Inference Engine the Next Target? + Video https://t.co/D8dSmF4Tzk Educational Purposes!
♥ 1 · ↻ 0 · 💬 1
- @undercode.bsky.social · Bluesky · 5/3/2026
AI INFRA UNDER FIRE: CVE-2026-33626 SSRF Exploited in the Wild Within 13 Hours—Is Your LLM Inference Engine the Next Target? + Video Introduction The integration of vision-language models into production workflows has introduced a dangerous Server-Side Request Forgery (SSRF) vulnerability in…
♥ 0 · ↻ 0 · 💬 0