🎯Basically, a flaw in LMDeploy lets hackers access sensitive data quickly.
What Happened
A serious security flaw in LMDeploy, an open-source toolkit used for deploying and serving large language models (LLMs), has been actively exploited within just 13 hours of its public disclosure. The vulnerability, identified as CVE-2026-33626, has a CVSS score of 7.5, indicating a high severity level. It involves a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to access sensitive data.
The Flaw
The issue resides in the load_image() function within LMDeploy's vision-language module. This function fetches arbitrary URLs without properly validating internal or private IP addresses. As a result, attackers can exploit this flaw to access cloud metadata services, internal networks, and other sensitive resources. All versions of the toolkit up to 0.12.0 are affected.
Who's Behind It
The vulnerability was discovered and reported by Igor Stepansky, a researcher at Orca Security. Their analysis revealed that the first exploitation attempt was detected just 12 hours and 31 minutes after the vulnerability was made public on GitHub.
Tactics & Techniques
The attacker initiated a sophisticated exploitation attempt by leveraging the vision-language image loader as an HTTP SSRF primitive to port-scan the internal network. The attack unfolded over ten distinct requests in a single eight-minute session, targeting various internal services such as AWS Instance Metadata Service (IMDS) and Redis. The attacker also tested egress capabilities with an out-of-band DNS callback to confirm the SSRF vulnerability.
Defensive Measures
This incident highlights the urgent need for organizations using LMDeploy to apply patches immediately. The rapid exploitation of this vulnerability serves as a stark reminder that threat actors are closely monitoring new vulnerability disclosures and acting before users can implement fixes. Organizations should also consider implementing additional security measures, such as network segmentation and monitoring for unusual traffic patterns.
Conclusion
The swift exploitation of CVE-2026-33626 underscores a troubling trend in the AI infrastructure space, where critical vulnerabilities are weaponized almost immediately after disclosure. This pattern emphasizes the importance of proactive vulnerability management and the need for organizations to stay vigilant against emerging threats.
🔒 Pro insight: The rapid exploitation of CVE-2026-33626 highlights the need for immediate patching and proactive monitoring in AI infrastructure.
