
CVE-2026-33626: SSRF in LMDeploy exploited in under 13 hours


Colleagues, please note: a vulnerability in LMDeploy (CVE-2026-33626) was rapidly exploited.

- Overview: An SSRF in the vision-language module: load_image() fetches arbitrary URLs without checking whether they point at internal IP addresses, exposing cloud metadata and internal services.
- Affected: all versions ≤0.12.0 with vision-language. Discovered by Igor Stepansky.
- Exploitation: Sysdig recorded an attack 12 h 31 min after disclosure — scanning IMDS, Redis, MySQL and OOB DNS; attackers modified VLMs to obfuscate activity.

Why it matters: AI infrastructure flaws become working exploits within hours — patch and restrict outbound requests.
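
An added example (not LMDeploy's code or its actual fix): the kind of pre-fetch check an image loader can run so that URLs resolving to internal addresses, such as the cloud metadata endpoint, are refused. The names vet_image_url, ip_is_internal and resolve_all are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # refuses file://, gopher://, etc.


def ip_is_internal(addr: str) -> bool:
    """True for loopback, private, link-local (IMDS), CGNAT, reserved, multicast."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) before classifying.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (not ip.is_global) or ip.is_multicast


def resolve_all(host: str, port: int) -> list[str]:
    """Every address the name resolves to; one internal record is enough to refuse."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def vet_image_url(url: str, resolver=resolve_all) -> list[str]:
    """Return the vetted addresses for url, or raise ValueError (fail closed)."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    # Classify the resolved addresses, not the host string, so alternate
    # spellings of an internal IP are judged by what they resolve to.
    addrs = resolver(host, port)
    if not addrs:
        raise ValueError("host did not resolve")
    bad = [a for a in addrs if ip_is_internal(a)]
    if bad:
        raise ValueError(f"{host} resolves to internal address(es): {bad}")
    return addrs
```

The fetch has to connect to one of the returned addresses rather than resolve the name a second time, and every redirect target needs the same check. An egress rule that blocks the inference host from reaching 169.254.169.254 and internal subnets covers the case where the application check is missing.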

What measures will you implement to protect models and infrastructure?

#cybersecurity #Infosec #AI #vulnerabilities
