EUVD-2026-23970
GHSA-6w67-hwm5-92mq
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionNVD
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The load_image() function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.
AnalysisAI
Server-Side Request Forgery (SSRF) in InternLM LMDeploy's vision-language module allows remote unauthenticated attackers to access cloud metadata services, internal networks, and sensitive resources through unvalidated URL fetching in the load_image() function. Affects all versions prior to 0.12.3. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: inventory all InternLM LMDeploy deployments and identify running versions below 0.12.3; isolate affected instances from production if version cannot be confirmed. Within 7 days: upgrade LMDeploy to version 0.12.3 or later across all environments; validate the upgrade in staging first. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today