Skills
CVE-2026-33626: LMDeploy Vision-Language SSRF Exploited Within 13 Hours — Attackers Accessed AWS IMDS, Port-Scanned Internal Networks
A CVSS 7.5 SSRF vulnerability in LMDeploy's load_image() function was weaponized within 12 hours 31 minutes of GitHub disclosure. Attackers used the vision-language image loader as a generic HTTP SSRF primitive to port-scan internal networks behind model servers — targeting AWS IMDS, Redis, MySQL, HTTP admin interfaces, and OOB DNS endpoints in a single 8-minute session. Vision-LLM nodes typically run on GPU instances with broad IAM roles, making one successful IMDS fetch sufficient to compromise a cloud account. Patch or restrict network access to any LMDeploy deployment immediately.
↳ Follow the thread