AI/ML, Vulnerability Management, Patch/Configuration Management

LMDeploy vulnerability exploited, highlighting AI infrastructure risks

As outlined in The Hacker News, a critical security flaw in LMDeploy, an open-source toolkit for managing large language models (LLMs), is being actively exploited in the wild. This vulnerability, identified as CVE-2026-33626, allows for server-side request forgery (SSRF) and poses a significant risk to systems utilizing the toolkit.

The SSRF vulnerability resides within LMDeploy's vision-language module, specifically in the load_image() function, which fetches URLs without checking whether they point to internal or private IP addresses. This allows attackers to access sensitive cloud metadata services, internal networks, and other resources.

Researchers at Sysdig detected exploitation attempts within 13 hours of the vulnerability's public disclosure, observing attackers using the flaw to port scan internal networks, target AWS Instance Metadata Service (IMDS) and Redis instances, and perform out-of-band DNS exfiltration. The exploitation involved multiple requests across different vision-language models to evade detection.
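The kind of destination check the load_image() description above says is missing, as an added example; it is not LMDeploy's code or its actual patch. The names check_image_url, blocked_reason and resolve_all are hypothetical, and the resolver is injectable so the logic can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def resolve_all(host):
    """Return every address the hostname resolves to (A and AAAA)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def blocked_reason(addr):
    """Return why an address is off-limits for a server-side fetch, else None."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) before classifying.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:  # 169.254.0.0/16 holds cloud metadata endpoints
        return "link-local (cloud metadata range)"
    if ip.is_private:
        return "private network"
    if ip.is_multicast or ip.is_reserved or not ip.is_global:
        return "not globally routable"
    return None

def check_image_url(url, resolver=resolve_all):
    """Return (allowed, reason, addrs); every resolved address must be public."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL", []
    host = parts.hostname
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False, "scheme or host not allowed", []
    try:
        ipaddress.ip_address(host)  # IP literal: no DNS lookup needed
        addrs = [host]
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:
            return False, "resolution failed", []
    # One internal answer among several public ones is enough to refuse.
    for addr in addrs:
        reason = blocked_reason(addr)
        if reason:
            return False, f"{addr}: {reason}", addrs
    return True, "ok", addrs
```

A fetcher using this check should connect to the validated address itself and re-run the check on every redirect, since a second DNS lookup may return a different answer.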

Source: The Hacker News
