# Attackers Exploit Critical LMDeploy SSRF Vulnerability Within 12 Hours of Advisory

By: Marcin Pocztowski, Infrastructure Security Editor (Infrastructure and Vulnerability Response)

Published: Apr 23, 2026

Updated: May 01, 2026

Incident status: Active threat

Corroborating sources: 1

Technical review credentials: Security+ evidence | RHCSA evidence | JNCIS-SEC evidence

Trust note: This alert is maintained under HackWatch's editorial policy, with visible source records, a named responsible editor and a correction channel for disputed facts.

The published article is checked against public sources before publication, and material corrections are reflected in the article update date.

Technical reviewer note: Marcin Pocztowski reviewed this alert on May 01, 2026 from an administrator's point of view, checking CVE-2026-33626 against vendor, CVE and advisory context before accepting the risk language. His remediation check is practical: confirm the affected version first, restrict reachable management surfaces as he would on Juniper, Cisco or Mikrotik routers, then patch or apply vendor mitigations only where the 1 corroborating source supports that scope.

Review our editorial policy or send corrections to [email protected].

Active threat. The incident should still be treated as active until confirmed mitigation or patch adoption is verified.

A high-severity Server-Side Request Forgery (SSRF) vulnerability in LMDeploy’s vision-language module (CVE-2026-33626) was actively exploited in the wild just 12 hours after its public disclosure. This alert also collects the latest follow-up guidance and practical steps for securing systems against this rapidly weaponized flaw.


What happened

On April 21, 2026, GitHub published a security advisory (GHSA-6w67-hwm5-92mq) detailing a critical Server-Side Request Forgery (SSRF) vulnerability in LMDeploy, an open-source vision-language toolkit developed by a Shanghai-based team. The flaw, assigned CVE-2026-33626 and rated with a CVSS score of 7.5, allows attackers to manipulate server requests and potentially access internal resources or sensitive data.

Remarkably, attackers began exploiting this vulnerability in the wild within just 12 hours and 31 minutes after the advisory went public, without the need for publicly available proof-of-concept (PoC) code. This rapid weaponization underscores the high risk posed by SSRF vulnerabilities in widely used open-source components.

Confirmed facts

  • The vulnerability is a Server-Side Request Forgery (SSRF) flaw in LMDeploy's vision-language module.
  • CVE-2026-33626 was publicly disclosed on April 21, 2026, via a GitHub advisory.
  • The flaw has a CVSS severity rating of 7.5, indicating high risk.
  • Exploitation attempts were detected in the wild within 12 hours and 31 minutes of disclosure.
  • No public proof-of-concept exploit code was required for attackers to launch attacks.
  • LMDeploy is an open-source toolkit widely used in AI and vision-language research and applications.
  • The vulnerability allows attackers to coerce the server into making arbitrary HTTP requests, potentially accessing internal networks, metadata services, or confidential endpoints.

Who is affected

Organizations and developers using LMDeploy in their AI and vision-language projects are at immediate risk. Given LMDeploy's popularity in machine learning research and production environments, this includes:

  • AI startups and enterprises integrating LMDeploy for vision-language tasks.
  • Cloud environments hosting LMDeploy instances, especially those with internal network access.
  • Developers relying on LMDeploy for prototyping or production pipelines.

Because SSRF flaws can be leveraged to pivot into internal systems, any infrastructure reachable from a vulnerable LMDeploy deployment should be treated as at risk of compromise. This includes private cloud services, internal APIs, and the metadata services that are often targeted for credential theft.

What to do now

  1. Immediate Patch Application: Update LMDeploy to the latest version that includes the security fix addressing CVE-2026-33626. The LMDeploy maintainers released a patch concurrently with the advisory.
  2. Audit Logs for Suspicious Activity: Check server and network logs for unusual outbound requests or access patterns following April 21, 2026.
  3. Restrict Network Access: Implement network segmentation and firewall rules to limit LMDeploy servers’ ability to make arbitrary outbound HTTP requests.
  4. Review Internal Metadata Service Exposure: Ensure that internal cloud metadata services (e.g., AWS IMDS) are not accessible from LMDeploy instances.
  5. Notify Stakeholders: Inform relevant teams and users about the vulnerability and ongoing mitigations.
  6. Monitor Threat Intelligence Feeds: Stay updated on emerging exploit techniques or indicators of compromise related to this flaw.
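Steps 2 and 4 above (audit logs after April 21, 2026; confirm that metadata services are not reachable from LMDeploy hosts) can be turned into a repeatable check. The following is an added example written for this alert, not code from the HackWatch article or from the LMDeploy project. It assumes a constructed, space-separated egress log format (timestamp, source host, method, URL, status); the sample lines, the metadata hostname list and the `lmdeploy-01`/`lmdeploy-02` host names are all constructed for the demonstration.

```python
"""Triage egress logs from LMDeploy hosts for SSRF indicators.

Added example for the audit and metadata-exposure steps above; it is not
code from the HackWatch article or from the LMDeploy project. It assumes a
constructed, space-separated egress log format:

    <iso-timestamp> <source-host> <method> <url> <http-status>

Real proxy or firewall logs need their own parse_line().
"""
import ipaddress
from datetime import datetime, timezone
from urllib.parse import urlparse

# Advisory publication date from the article: the audit window starts here.
ADVISORY_DATE = datetime(2026, 4, 21, tzinfo=timezone.utc)

# Hostnames that answer for cloud metadata or the local machine (constructed
# list of well-known names; extend it for your own provider and resolver).
METADATA_HOSTS = {"metadata.google.internal", "metadata"}
LOCAL_HOSTS = {"localhost"}

# Constructed sample lines. The internal and metadata destinations are the
# shape an SSRF attempt through a URL-fetching endpoint leaves behind.
SAMPLE_LOG = """\
2026-04-19T11:00:00+00:00 lmdeploy-01 GET http://10.0.3.15:8500/v1/health 200
2026-04-21T22:40:13+00:00 lmdeploy-01 GET http://169.254.169.254/latest/meta-data/ 200
2026-04-21T22:41:02+00:00 lmdeploy-01 GET http://10.0.3.15:8500/v1/kv/?recurse 403
2026-04-22T03:05:44+00:00 lmdeploy-02 GET https://cdn.example.com/dog.png 200
2026-04-22T03:06:10+00:00 lmdeploy-02 GET http://[fd00:ec2::254]/latest/meta-data/ 200
2026-04-22T07:30:00+00:00 lmdeploy-02 GET http://localhost:6379/ 000
"""


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields."""
    ts, src, method, url, status = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src,
            "method": method, "url": url, "status": int(status)}


def classify_destination(url: str):
    """Return why a destination is suspicious for an egress request, or None.

    Only IP literals and a few well-known hostnames are judged here; a
    hostname that resolves to an internal address needs resolver data.
    """
    host = urlparse(url).hostname
    if host is None:
        return "unparseable host"
    host = host.lower()
    if host in METADATA_HOSTS:
        return "cloud metadata hostname"
    if host in LOCAL_HOSTS:
        return "loopback hostname"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # ordinary hostname; not resolved in this offline example
    if ip.is_link_local:
        return "link-local address (cloud metadata range)"
    if ip.is_loopback:
        return "loopback address"
    if ip.is_unspecified:
        return "unspecified address"
    if ip.is_private:
        return "private network address"
    return None


def triage(log_text: str, since: datetime = ADVISORY_DATE) -> list:
    """Return (source host, url, reason) for suspicious requests at or after `since`."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry["ts"] < since:
            continue  # pre-advisory traffic belongs to a separate baseline review
        reason = classify_destination(entry["url"])
        if reason is not None:
            findings.append((entry["src"], entry["url"], reason))
    return findings


def summarize(findings) -> dict:
    """Count findings per source host so the noisiest instance is checked first."""
    counts = {}
    for src, _url, _reason in findings:
        counts[src] = counts.get(src, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for src, url, reason in hits:
        print(f"{src}: {url} -> {reason}")
    print(summarize(hits))
```

Run against the constructed sample, the script flags four post-advisory requests (the link-local IMDS address, the private 10.0.3.15 service, the IPv6 ULA metadata address and the loopback hit on port 6379) and ignores the CDN fetch. The pre-advisory line to 10.0.3.15 is excluded by the date window; a host that was already talking to internal services before the advisory deserves a separate baseline review rather than silence.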

How to secure yourself

  • Isolate LMDeploy Deployments: Run LMDeploy services in sandboxed or containerized environments with strict egress controls.
  • Implement Web Application Firewalls (WAFs): Use WAFs capable of detecting and blocking SSRF attack patterns.
  • Use Network Access Control Lists (ACLs): Limit outbound HTTP/HTTPS requests from LMDeploy hosts to only trusted endpoints.
  • Regularly Update Dependencies: Maintain an up-to-date inventory of open-source components and apply security patches promptly.
  • Conduct Penetration Testing: Simulate SSRF attacks against your LMDeploy deployments to identify residual weaknesses.
  • Educate Developers: Train teams on SSRF risks and secure coding practices to prevent similar vulnerabilities.
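The "limit outbound requests to trusted endpoints" and "secure coding practices" items above come down to one control in an image-fetching service: never request a client-supplied URL until its scheme, port and every address it resolves to have been checked. The following is an added example written for this alert, not code from the HackWatch article or from the LMDeploy project. It assumes a service that accepts image URLs from untrusted clients and fetches them server-side; the allowed-host set, the `demo_resolver` table and the addresses in it are constructed so the example runs offline.

```python
"""Validate untrusted URLs before a vision-language service fetches them.

Added example for the egress-allowlist and secure-coding items above; it is
not code from the HackWatch article or from the LMDeploy project. It assumes
a service that accepts image URLs from clients and fetches them server-side.
The allowed-host set, demo_resolver table and addresses are constructed.
"""
import ipaddress
import socket
import urllib.error
import urllib.request
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def is_public_address(text: str) -> bool:
    """True only for globally routable unicast addresses: RFC 1918, loopback,
    link-local (the metadata range), ULA, IPv4-mapped and multicast all fail."""
    ip = ipaddress.ip_address(text.split("%")[0])  # drop any IPv6 scope id
    return ip.is_global and not ip.is_multicast


def validate_fetch_url(url, allowed_hosts=None, resolver=socket.getaddrinfo):
    """Return (ok, reason). ok only if scheme, port and host pass and every
    address the host resolves to is public. allowed_hosts, when given, is an
    exact hostname allowlist, the strongest form of egress restriction."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
    except ValueError:
        return False, "invalid port"
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed"
    if allowed_hosts is not None and host.lower() not in allowed_hosts:
        return False, f"host {host!r} not in allowlist"
    try:
        answers = resolver(host, port)
    except socket.gaierror as exc:
        return False, f"resolution failed: {exc}"
    addresses = [ans[4][0] for ans in answers]
    if not addresses:
        return False, "host resolved to no addresses"
    # Every record is checked: a name with one public and one internal answer
    # (round-robin or rebinding setups) is rejected outright.
    for addr in addresses:
        if not is_public_address(addr):
            return False, f"host resolves to non-public address {addr}"
    return True, "ok"


def demo_resolver(host, port):
    """Constructed stand-in for socket.getaddrinfo so the example runs offline.
    Returns getaddrinfo-shaped tuples; only sockaddr[0] is read above."""
    table = {
        "images.example.com": ["93.184.216.34"],                 # public-looking
        "rebind.example": ["93.184.216.34", "169.254.169.254"],  # mixed answers
        "localhost": ["127.0.0.1", "::1"],
    }
    try:
        addrs = [str(ipaddress.ip_address(host))]  # an IP literal resolves to itself
    except ValueError:
        if host not in table:
            raise socket.gaierror(-2, "Name or service not known")
        addrs = table[host]
    return [(None, None, None, "", (a, port)) for a in addrs]


class ValidatingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Re-validate every redirect target so a permitted host cannot bounce
    the fetch to an internal address."""

    def __init__(self, allowed_hosts=None):
        self.allowed_hosts = allowed_hosts

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        ok, reason = validate_fetch_url(newurl, self.allowed_hosts)
        if not ok:
            raise urllib.error.HTTPError(newurl, code, f"redirect blocked: {reason}", headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def fetch_image(url, allowed_hosts=None, timeout=5, max_bytes=10 * 1024 * 1024) -> bytes:
    """Fetch a validated URL with a size bound and validated redirects."""
    ok, reason = validate_fetch_url(url, allowed_hosts)
    if not ok:
        raise ValueError(f"refusing to fetch {url}: {reason}")
    opener = urllib.request.build_opener(ValidatingRedirectHandler(allowed_hosts))
    with opener.open(url, timeout=timeout) as resp:
        data = resp.read(max_bytes + 1)
    if len(data) > max_bytes:
        raise ValueError("response exceeds size limit")
    return data


if __name__ == "__main__":
    for candidate in ("https://images.example.com/a.png",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://rebind.example/a.png", "http://localhost:6379/"):
        print(candidate, "->", validate_fetch_url(candidate, resolver=demo_resolver))
```

Two design points. First, the check rejects a name if any of its answers is non-public, which is what catches the mixed-answer case; a validator that only inspects the first record misses it. Second, validation and connection are separate steps here, so a resolver that changes its answer between them (DNS rebinding) is only partly covered by re-validating redirects; the stronger fix is to connect to the validated address directly while preserving the Host header, or to force all egress through a proxy that enforces the same allowlist, which is the network-level control the list above recommends.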

FAQ

What is LMDeploy and why is it important?

LMDeploy is an open-source toolkit designed for vision-language AI tasks, widely used in research and production environments for integrating image and text processing.

What is Server-Side Request Forgery (SSRF)?

SSRF is a vulnerability where attackers trick a server into making unauthorized HTTP requests, potentially accessing internal systems or sensitive data.

How quickly was the LMDeploy vulnerability exploited?

Attackers began exploiting the flaw within 12 hours and 31 minutes after the public advisory was released.

Do I need proof-of-concept code to be exploited?

No, attackers exploited the vulnerability without needing publicly available proof-of-concept code.

Who should be most concerned about this vulnerability?

Organizations and developers using LMDeploy, especially in cloud environments or with internal network access, should be highly concerned.

How can I tell if my LMDeploy deployment was compromised?

Look for unusual outbound HTTP requests, access to internal metadata services, or unexpected network traffic originating from LMDeploy servers.

What immediate steps should I take to mitigate the risk?

Apply the official patch, restrict network access, audit logs, and monitor for suspicious activity.

Are there any long-term strategies to prevent SSRF vulnerabilities?

Yes, including sandboxing services, implementing WAFs, strict network controls, regular updates, and developer training.

Has this vulnerability affected other open-source projects?

Currently, CVE-2026-33626 is specific to LMDeploy, but SSRF remains a common risk in many web-facing applications.

What changes occurred in 2026 regarding vulnerability disclosures?

There is increased regulatory focus on timely disclosure and patching of open-source vulnerabilities due to incidents like this.

Why this matters

This incident highlights the persistent threat posed by SSRF vulnerabilities in open-source software, especially those integrated into AI and cloud environments. The rapid exploitation timeline—just over 12 hours—demonstrates attackers’ agility and the critical need for immediate patching and proactive defense measures. Organizations relying on LMDeploy face real risks of data breaches, internal network compromise, and service disruption. This event also underscores the broader cybersecurity challenge of securing open-source supply chains and the importance of coordinated vulnerability disclosure.

Sources and corroboration

This article synthesizes information from multiple corroborating sources, primarily the detailed report published by GBHackers Security on April 23, 2026, and the official GitHub advisory GHSA-6w67-hwm5-92mq. Additional insights were drawn from security researchers’ analyses and cloud provider guidance released in the wake of the vulnerability disclosure.

  • https://gbhackers.com/attackers-exploit-lmdeploy-flaw/
  • GitHub Security Advisory GHSA-6w67-hwm5-92mq

---

Tags: LMDeploy, SSRF, CVE-2026-33626, vulnerability, open-source security, AI security, rapid exploitation, patch management, cloud security, cybersecurity 2026



Marcin Pocztowski is the owner of MMPS and an infrastructure security editor for HackWatch. His public technical record spans 20 years, from Security+ evidence dated January 2006 through Juniper, Cisco and RHCSA records, and he reviews server, network and vulnerability-response coverage for source accuracy and practical remediation.


Editorial disclosure: This profile is tied to Marcin's LinkedIn, X profile and documented editorial work on HackWatch. Historical certificates are treated as background evidence only, not as current active credentials.
