HIGH

LMDeploy CVE-2026-33626 SSRF Exploited in the Wild Within 13 Hours of Disclosure

· cve · ssrf · llm · vulnerability · appsec

CVE-2026-33626 (CVSS 7.5), a server-side request forgery flaw in LMDeploy — a widely used open-source toolkit for compressing, deploying, and serving large language models — was exploited in the wild less than 13 hours after public disclosure. The vulnerability allows unauthenticated attackers to make the server issue requests to arbitrary hosts, potentially reaching internal cloud metadata services, internal APIs, or other sensitive internal endpoints.

LMDeploy is common in production LLM inference stacks for models like Qwen and LLaMA. The speed of weaponization reflects high attacker interest in LLM infrastructure. Users should apply the patch immediately; any internet-exposed LMDeploy instance should be treated as potentially compromised, and internal network access from the host should be reviewed.
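The post does not describe which LMDeploy code path performs the server-side fetch, so the following is an added, generic example of the mitigation that applies to this vulnerability class, not LMDeploy's own code or its fix for CVE-2026-33626. It shows a destination guard for any service that fetches a user-supplied URL: the scheme is restricted, URL userinfo is refused, the host is resolved once, every resolved address is classified, and the pinned addresses are returned so the caller connects to a checked address rather than re-resolving. The helper names (`check_outbound_url`, `is_forbidden_address`), the stub DNS table and the sample URLs are all constructed for the example.

```python
"""SSRF destination guard for a service that fetches user-supplied URLs.

Added example (hypothetical helper, not LMDeploy code and not its CVE-2026-33626
fix): before a server fetches a URL that arrived in a request body, refuse any
destination that is not a public address, so cloud metadata services and
internal APIs stay unreachable even when the request is unauthenticated.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Ranges denied in addition to what ipaddress already classifies as
# private/loopback/link-local/reserved: the usual cloud metadata endpoint
# (listed explicitly for clarity), its AWS IPv6 form, and carrier-grade NAT
# space, which some Python versions do not treat as private.
DENIED_NETWORKS = [
    ipaddress.ip_network("169.254.169.254/32"),
    ipaddress.ip_network("fd00:ec2::254/128"),
    ipaddress.ip_network("100.64.0.0/10"),
]


def is_forbidden_address(ip_text: str) -> bool:
    """True if the address must never be a server-side fetch destination."""
    addr = ipaddress.ip_address(ip_text)
    # ::ffff:a.b.c.d is an IPv4 address in disguise; judge the inner IPv4.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified):
        return True
    # Version-mismatched networks simply report "not contained".
    return any(addr in net for net in DENIED_NETWORKS)


def system_resolver(host: str) -> frozenset:
    """Resolve a hostname with the OS resolver; raises socket.gaierror on failure."""
    return frozenset(info[4][0] for info in socket.getaddrinfo(host, None))


def check_outbound_url(url: str, resolver=system_resolver):
    """Decide whether the server may fetch `url`.

    Returns (allowed, reason, addresses). On success `addresses` holds every
    address the host resolved to; the caller should connect to one of those
    pinned addresses instead of re-resolving, which closes the DNS-rebinding
    window between this check and the real connection.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:  # urlsplit lower-cases the scheme
        return False, f"scheme {parts.scheme!r} not allowed", frozenset()
    host = parts.hostname
    if not host:
        return False, "URL has no host", frozenset()
    if parts.username is not None or parts.password is not None:
        # "http://trusted-name@169.254.169.254/" style confusion: refuse userinfo.
        return False, "userinfo in URL is not allowed", frozenset()
    try:
        ipaddress.ip_address(host)           # IP literal: judge it directly
        addresses = frozenset([host])
    except ValueError:                       # hostname: ask the resolver
        try:
            addresses = resolver(host)
        except (socket.gaierror, OSError) as exc:
            return False, f"cannot resolve {host!r}: {exc}", frozenset()
    if not addresses:
        return False, f"{host!r} resolved to no addresses", frozenset()
    for ip_text in sorted(addresses):
        # Reject if ANY answer is internal, so a name that mixes public and
        # private records cannot slip through.
        if is_forbidden_address(ip_text):
            return False, f"{host!r} resolves to non-public address {ip_text}", frozenset()
    return True, "ok", addresses


# Constructed DNS table so the demo runs offline (not real hosts).
STUB_DNS = {
    "cdn.example.test": frozenset(["93.184.216.34"]),
    "internal-api.svc": frozenset(["10.20.30.40"]),
    "rebind.example.test": frozenset(["93.184.216.34", "10.0.0.1"]),
}


def stub_resolver(host: str) -> frozenset:
    """Offline stand-in for system_resolver using the constructed table."""
    try:
        return STUB_DNS[host]
    except KeyError:
        raise socket.gaierror(f"stub: unknown host {host!r}")


if __name__ == "__main__":
    samples = [  # constructed inputs
        "https://cdn.example.test/image.png",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://127.0.0.1:8080/v1/models",
        "http://internal-api.svc/admin",
        "http://rebind.example.test/",
        "http://cdn.example.test@169.254.169.254/",
        "file:///etc/passwd",
    ]
    for u in samples:
        allowed, reason, _ = check_outbound_url(u, resolver=stub_resolver)
        print(f"{'ALLOW' if allowed else 'DENY ':5} {u}  ({reason})")
```

The guard classifies every resolved address rather than string-matching the hostname, which is what defeats the usual bypasses (IPv4-mapped IPv6 literals, names that resolve to internal space, userinfo confusion). A deny list alone is still weaker than an egress allowlist: where an inference server only needs to fetch from a known set of hosts, pair this check with network-level egress rules and with blocking the metadata endpoint from the host itself.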