HackWatch
High risk | Vulnerability alert

LMDeploy CVE-2026-33626 SSRF Vulnerability Exploited Within 13 Hours of Disclosure

Vulnerability coverage focused on affected versions, exploitability and patch or mitigation decisions.

Exploitability matters here. Check exposed versions, prioritize mitigations and patch first where remote access or privilege escalation is possible.
By: Marcin Pocztowski, Infrastructure Security Editor (Infrastructure and Vulnerability Response)

Published: Apr 24, 2026

Updated: May 01, 2026

Incident status: Active threat

Corroborating sources: 1

Technical review credentials: Security+ evidence | RHCSA evidence | JNCIS-SEC evidence

Trust note: This alert is maintained under HackWatch's editorial policy, with visible source records, a named responsible editor and a correction channel for disputed facts.

The published article is checked against public sources before publication, and material corrections are reflected in the article update date.

Technical reviewer note: Marcin Pocztowski reviewed this alert on May 01, 2026 from an administrator's point of view, checking CVE-2026-33626 against vendor, CVE and advisory context before accepting the risk language. His remediation check is practical: confirm the affected version first, restrict reachable management surfaces as he would on Juniper, Cisco or Mikrotik routers, then patch or apply vendor mitigations only where the single corroborating source supports that scope.

Review our editorial policy or send corrections to [email protected].

Active threat. The incident should still be treated as active until confirmed mitigation or patch adoption is verified.

A high-severity Server-Side Request Forgery (SSRF) vulnerability in LMDeploy, an open-source toolkit used for deploying large language models (LLMs), was actively exploited less than 13 hours after its public disclosure. Tracked as CVE-2026-33626 with a CVSS score of 7.5, the flaw lets an unauthenticated caller make the LMDeploy server issue requests on their behalf, reaching internal services and cloud metadata endpoints that are not exposed directly. This HackWatch alert reviews the documented reporting of the incident, its impact, and actionable guidance on mitigation and securing affected systems.


What happened

On April 23, 2026, a high-severity security vulnerability was publicly disclosed in LMDeploy, an open-source toolkit widely used for compressing, deploying, and serving large language models (LLMs). The flaw, tracked as CVE-2026-33626, is a Server-Side Request Forgery (SSRF) vulnerability: a request to the LMDeploy server can coerce it into making its own HTTP requests to internal or external systems of the attacker's choosing.

Exploitation in the wild was observed within 13 hours of disclosure, which leaves no room for a normal patch cycle: any LMDeploy API server reachable from the internet should be treated as already probed. The speed of weaponization matches what is now routine for unauthenticated flaws in AI-serving infrastructure, which is scanned as aggressively as any other web-facing software.

Confirmed facts

  • Vulnerability Type: Server-Side Request Forgery (SSRF)
  • CVE Identifier: CVE-2026-33626
  • CVSS Score: 7.5 (High severity). The reporting summarized here does not give the CVSS version or vector string; check NVD for the vector before using the score to prioritize, since a 7.5 can reflect very different exposure depending on whether the flaw is unauthenticated and what impact components it carries.
  • Affected Software: LMDeploy (open-source LLM deployment toolkit). The affected and fixed version numbers are not stated in the reporting summarized here; take them from the vendor advisory.
  • Exploitation Timeline: Active exploitation detected less than 13 hours after public disclosure
  • Impact: Attackers can coerce LMDeploy servers to send requests from the server's own network position, potentially reaching internal APIs, cloud instance-metadata services (and the credentials they hand out), or other resources protected only by network placement.
  • Attack Surface: The flaw is reached through the LMDeploy serving API. Because the forged request originates inside the trust boundary, perimeter firewall rules and network segmentation do not stop it; that is what makes data exposure and lateral movement possible. The reporting does not name the vulnerable endpoint or parameter, so treat every exposed API server instance as in scope until the vendor advisory narrows it.

Who is affected

Organizations and developers using LMDeploy to deploy or serve large language models are directly at risk. This includes:

  • AI research institutions relying on LMDeploy for model hosting
  • Enterprises integrating LLMs into their products or services via LMDeploy
  • Cloud service providers offering managed LMDeploy instances

Given LMDeploy's open-source nature and growing adoption in AI model deployment pipelines, the vulnerability potentially impacts a broad spectrum of sectors, including technology, finance, healthcare, and government agencies.

What to do now

If you use LMDeploy in any capacity, immediate action is critical:

  1. Apply Patches: Update LMDeploy to the release in which the SSRF vulnerability is fixed. Confirm the installed version first and compare it against the fixed release named in the official LMDeploy repository and security advisory; the fixed version number is not stated in the reporting summarized here.
  2. Audit Logs: Application access logs show only the inbound API call that triggered the fetch; the outbound side needs host- or network-level telemetry (egress proxy, conntrack accounting, cloud flow logs). Look for connections from the serving host to 169.254.169.254 and other metadata endpoints, loopback, RFC 1918 ranges, and external hosts that are not model registries or telemetry collectors.
  3. Restrict Network Access: Default-deny outbound traffic from LMDeploy hosts and allowlist only the registries and collectors they need. Block the instance-metadata address explicitly, and on AWS require IMDSv2 so a plain GET forged through SSRF cannot retrieve a session token.
  4. Rotate Credentials: If LMDeploy servers hold secrets or can reach them (including instance roles and tokens served by the metadata endpoint), rotate them; anything the server could fetch over HTTP should be considered exposed if exploitation is suspected.
  5. Monitor Threat Intelligence: Stay updated with security bulletins and community reports about ongoing exploitation tactics related to CVE-2026-33626.
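The log-audit step above is easier to do with a script than by eye. The following is an added example written for this alert, not LMDeploy project code: it triages outbound-connection records from a serving host and flags the destinations an SSRF would typically reach. The record format in `SAMPLE_LOG`, the `LINE_RE` parser, the egress allowlist and every address and hostname are constructed assumptions; adapt `LINE_RE` to whatever your egress proxy, conntrack accounting or flow-log exporter emits.

```python
"""Triage outbound connection records from an LMDeploy host for SSRF activity.

Added example, not LMDeploy project code. Assumes outbound connections from
the serving host are exported one per line in the constructed format used by
SAMPLE_LOG; addresses, hostnames and the allowlist are constructed too.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Instance-metadata endpoints: reachable without credentials from inside a VM
# and the classic SSRF target. 169.254.169.254 is shared by AWS, GCP and Azure;
# fd00:ec2::254 is the AWS IPv6 endpoint.
METADATA_TARGETS = {"169.254.169.254", "fd00:ec2::254", "metadata.google.internal"}

# Internal ranges an LLM server has no business calling from a user-supplied URL.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                  # CGNAT, common in k8s/cloud fabrics
    "fc00::/7",                                       # IPv6 unique local
)]

# Destinations the server legitimately needs (assumed: one model registry host).
EGRESS_ALLOWLIST = {"203.0.113.10"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<port>\d+) uri=(?P<uri>\S*)"
)


@dataclass
class Finding:
    ts: str
    dst: str
    port: int
    uri: str
    reason: str


def classify(dst: str) -> Optional[str]:
    """Return why dst is suspicious for an LMDeploy host, or None if expected."""
    if dst in EGRESS_ALLOWLIST:
        return None
    if dst in METADATA_TARGETS:
        return "cloud metadata endpoint"
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return "hostname not on egress allowlist"
    if ip.is_loopback:
        return "loopback: local service reached through the server"
    if ip.is_link_local:
        return "link-local: metadata-style range"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal network target"
    return "external destination not on egress allowlist"


def triage(lines: Iterable[str]) -> List[Finding]:
    """Parse records and keep those whose destination classify() flags."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped here; count them separately in production
        reason = classify(m["dst"])
        if reason:
            findings.append(Finding(m["ts"], m["dst"], int(m["port"]), m["uri"], reason))
    return findings


# Constructed sample: one legitimate registry fetch, then a burst that looks
# like SSRF probing (IAM credentials path on the metadata service, an internal
# Redis, the local API itself, and an unknown external host).
SAMPLE_LOG = """\
2026-04-24T02:11:09Z src=10.20.0.15 dst=203.0.113.10 dport=443 uri=/models/manifest.json
2026-04-24T02:12:41Z src=10.20.0.15 dst=169.254.169.254 dport=80 uri=/latest/meta-data/iam/security-credentials/
2026-04-24T02:12:43Z src=10.20.0.15 dst=10.20.0.5 dport=6379 uri=-
2026-04-24T02:12:50Z src=10.20.0.15 dst=127.0.0.1 dport=8000 uri=/v1/models
2026-04-24T02:13:02Z src=10.20.0.15 dst=198.51.100.77 dport=443 uri=/upload
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.ts} {f.dst}:{f.port} {f.uri}  <- {f.reason}")
```

A hit on the metadata credentials path is the one to escalate first: it means an instance role may already be in an attacker's hands, and rotating it (step 4) comes before anything else. A single internal hit with no allowlist context can be a misconfiguration, so keep the allowlist honest or the script will page on every registry pull.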

How to secure yourself

Beyond immediate remediation, organizations should adopt these best practices to bolster defenses:

  • Harden LMDeploy Configuration: Disable features that fetch caller-supplied URLs where you do not need them, and put authentication in front of the API server so the vulnerable surface is not reachable anonymously. Where URL fetching is required, constrain it to an allowlist of hosts and schemes and reject anything that resolves to a non-public address.
  • Implement Network Segmentation: Isolate LMDeploy instances from critical internal services so that a forged request has nowhere valuable to go.
  • Use Web Application Firewalls (WAFs): A WAF can block obvious payloads (metadata addresses, loopback, file or gopher schemes) in the inbound request, but it never sees the outbound side; DNS-rebinding and redirect-based bypasses only show up in egress controls, so treat the WAF as a supplement, not the control.
  • Conduct Regular Security Assessments: Periodically test LMDeploy deployments with penetration testing focused on SSRF and related vulnerabilities.
  • Educate Teams: Train DevOps and security teams on emerging threats targeting AI deployment tools.
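The first hardening item above (constrain URL fetching to an allowlist and reject non-public targets) is where most SSRF fixes go wrong, so here is the pattern worked through. This is an added example, not LMDeploy's code: the page does not quote the vulnerable code path, so `fetch_unsafe` only shows the general shape of the bug, and the host allowlist, the injectable `resolve` hook and the sample addresses are assumptions made so the guard can be exercised offline.

```python
"""User-controlled URL fetch: the SSRF pattern beside a hardened validator.

Added example, not LMDeploy's code. ALLOWED_HOSTS, the resolver injection and
all addresses below are assumptions for an offline demonstration; in
production validate_url uses default_resolve (real DNS).
"""
import ipaddress
import socket
import urllib.request
from typing import Callable, Dict, Iterable, List, Tuple
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"cdn.example.com"}   # assumed: the only host users may point the server at
ALLOWED_PORTS = {None, 443}


class SSRFBlocked(ValueError):
    """Raised when a URL would make the server talk to something it must not."""


def fetch_unsafe(url: str) -> bytes:
    # The shape of the bug: the server fetches whatever URL the caller supplied,
    # from its own network position, and urlopen follows redirects as well.
    with urllib.request.urlopen(url) as resp:
        return resp.read()


def default_resolve(host: str) -> List[str]:
    """All A/AAAA answers for host; every one must pass the checks."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public(ip) -> bool:
    # is_global is False for loopback, link-local, RFC 1918, CGNAT, ULA,
    # reserved and documentation ranges; multicast is rejected separately.
    return ip.is_global and not ip.is_multicast


def validate_url(url: str,
                 resolve: Callable[[str], Iterable[str]] = default_resolve) -> Tuple[str, str, str]:
    """Return (hostname, pinned_ip, path) for a URL the server may fetch, else raise.

    Parse strictly, allowlist scheme/host/port, then resolve and require every
    answer to be public. The pinned address is returned so the HTTP client
    connects to the address that was checked (DNS-rebinding defence).
    """
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise SSRFBlocked("userinfo in URL")            # e.g. https://allowed-host@169.254.169.254/
    host = parts.hostname
    if not host or host not in ALLOWED_HOSTS:
        raise SSRFBlocked(f"host {host!r} not on allowlist")
    try:
        port = parts.port                               # raises ValueError on out-of-range ports
    except ValueError:
        raise SSRFBlocked("malformed port")
    if port not in ALLOWED_PORTS:
        raise SSRFBlocked(f"port {port} not allowed")
    addrs = list(resolve(host))
    if not addrs:
        raise SSRFBlocked(f"{host} did not resolve")
    for a in addrs:
        if not is_public(ipaddress.ip_address(a)):      # all answers, not any: DNS may return a mix
            raise SSRFBlocked(f"{host} resolves to non-public address {a}")
    return host, addrs[0], parts.path or "/"


def fake_resolver(answers: Dict[str, List[str]]) -> Callable[[str], List[str]]:
    """Constructed resolver for offline runs: host -> list of addresses."""
    return lambda host: answers.get(host, [])


# Constructed cases. 93.184.216.34 stands in for a public CDN address; the last
# case models a rebinding or mixed answer with one public and one internal IP.
CASES = [
    ("https://cdn.example.com/img/cat.png", fake_resolver({"cdn.example.com": ["93.184.216.34"]})),
    ("http://169.254.169.254/latest/meta-data/", fake_resolver({})),
    ("https://cdn.example.com@169.254.169.254/", fake_resolver({})),
    ("https://cdn.example.com:8000/admin", fake_resolver({})),
    ("https://cdn.example.com/", fake_resolver({"cdn.example.com": ["93.184.216.34", "10.0.0.8"]})),
]


def demo() -> Dict[str, str]:
    """Run the guard over CASES; returns url -> 'ok:<pinned ip>' or 'blocked:<reason>'."""
    results = {}
    for url, resolver in CASES:
        try:
            _host, ip, _path = validate_url(url, resolver)
            results[url] = f"ok:{ip}"
        except SSRFBlocked as exc:
            results[url] = f"blocked:{exc}"
    return results


if __name__ == "__main__":
    for url, outcome in demo().items():
        print(f"{outcome:<60} {url}")
```

Validation is only half of the fix. The client that performs the fetch must connect to the pinned address while sending the hostname in SNI and the Host header, must not follow redirects on its own (each Location goes back through `validate_url`), and should enforce a timeout and a response-size cap so the endpoint cannot be turned into a port scanner or a bandwidth sink. Checking the hostname and then letting a normal HTTP client resolve it again is exactly the window a rebinding attack uses.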

FAQ

What is CVE-2026-33626?

CVE-2026-33626 is a Server-Side Request Forgery (SSRF) vulnerability found in LMDeploy that allows attackers to trick the server into making unintended requests to internal or external systems.

How does SSRF affect LMDeploy users?

SSRF can let attackers access sensitive internal resources, exfiltrate data, or move laterally within a network by abusing LMDeploy’s request handling.

Am I affected if I use LMDeploy?

If you deploy or serve LLMs using LMDeploy, you are potentially affected and should update to the patched version immediately.

How quickly was this vulnerability exploited?

Exploitation was observed in the wild within 13 hours of the vulnerability’s public disclosure.

What should I do if I suspect my LMDeploy server was compromised?

Isolate the instance from sensitive internal networks first and preserve its logs, rotate every credential it could reach (including cloud instance roles served by the metadata endpoint), patch, and then review the preserved logs to establish what was actually accessed.

Are there any known exploits or malware linked to this vulnerability?

While specific malware is not reported, attackers are using automated scripts to exploit the SSRF flaw for reconnaissance and data access.

Can network segmentation prevent SSRF exploitation?

It limits the impact rather than the exploitation: the flaw itself is only closed by the patch, but isolating LMDeploy servers from sensitive internal resources and the metadata service removes the targets that make an SSRF worth exploiting.

Has LMDeploy released a fix?

Yes, the LMDeploy maintainers have released a security patch addressing CVE-2026-33626.

How can I stay informed about future vulnerabilities?

Subscribe to LMDeploy security advisories, follow cybersecurity news outlets, and monitor vulnerability databases.

Why this matters

The swift exploitation of CVE-2026-33626 highlights the critical risk posed by SSRF vulnerabilities in AI deployment tools like LMDeploy. As organizations increasingly adopt AI models, the security of underlying deployment infrastructure becomes paramount. Failure to promptly patch and secure these systems can lead to data breaches, intellectual property theft, and disruption of AI services.

This incident serves as a wake-up call for the AI and cybersecurity communities to prioritize secure development and rapid incident response in AI ecosystems.

Sources and corroboration

Additional insights were drawn from cybersecurity analyst briefings and vulnerability databases to ensure accuracy and comprehensiveness.

  • The Hacker News: [LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure](https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html)
  • LMDeploy Official Repository and Security Advisories
  • CVE Details and NVD Database

---

Stay vigilant and ensure your AI deployment infrastructure is secured against emerging threats like CVE-2026-33626 to protect your data and maintain operational integrity.


Reviewer profile: Marcin Pocztowski, Infrastructure Security Editor at HackWatch.io

Marcin Pocztowski is the owner of MMPS and an infrastructure security editor for HackWatch. His public technical record spans 20 years, from Security+ evidence dated January 2006 through Juniper, Cisco and RHCSA records, and he reviews server, network and vulnerability-response coverage for source accuracy and practical remediation.

Infrastructure Security Editor: technical-density, source-existence and remediation-logic review for infrastructure and vulnerability coverage.

Coverage focus: Server and network hardening, vulnerability response, patch prioritization and infrastructure security review

Editorial disclosure: This profile is tied to Marcin's LinkedIn, X profile and documented editorial work on HackWatch. Historical certificates are treated as background evidence only, not as current active credentials.

Marcin leads this vulnerability alerts coverage lane at HackWatch. This article is maintained as part of the ongoing editorial watch around "LMDeploy CVE-2026-33626 SSRF Vulnerability Exploited Within 13 Hours of Disclosure".


Topics: Server and network infrastructure administration; Known exploited vulnerabilities and patch prioritization; CVSS v4.0 and CISA KEV triage