What is the CVSS score of CVE-2026-33626?

CVE-2026-33626 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Lmdeploy are affected by CVE-2026-33626?

InternLM LMDeploy versions prior to 0.12.3 contain a critical Server-Side Request Forgery vulnerability in the vision-language module that enables remote attackers to access cloud metadata services…. A patch is available.

Is there a public PoC exploit available for CVE-2026-33626?

Yes, a public proof-of-concept exploit is available for CVE-2026-33626. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-33626?

Within 24 hours: inventory all InternLM LMDeploy deployments and identify running versions below 0.12.3; isolate affected instances from production if version cannot be confirmed. Within 7 days: upgrade LMDeploy to version 0.12.3 or later across all environments; validate the upgrade in staging first. Within 30 days: conduct network segmentation audit to restrict LMDeploy instances from accessing cloud metadata endpoints (169.254.169.254, equivalent services) and implement egress filtering to block internal network traversal.

Lmdeploy CVE-2026-33626

EUVD-2026-23970 HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2026-04-20 GitHub_M

GHSA-6w67-hwm5-92mq

SSRF Lmdeploy

7.5

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

PoC Detected

Apr 23, 2026 - 13:39 vuln.today

Public exploit code

Patch released

Apr 23, 2026 - 13:39 nvd

Patch available

Re-analysis Queued

Apr 21, 2026 - 16:22 vuln.today

cvss_changed

Patch available

Apr 20, 2026 - 22:31 EUVD

Analysis Generated

Apr 20, 2026 - 21:44 vuln.today

EUVD ID Assigned

Apr 20, 2026 - 21:15 euvd

EUVD-2026-23970

Analysis Generated

Apr 20, 2026 - 21:15 vuln.today

CVE Published

Apr 20, 2026 - 20:29 nvd

HIGH 7.5

DescriptionGitHub Advisory

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The load_image() function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.

Articles & Coverage 1

webflow.sysdig.com CVE-2026-33626: LMDeploy SSRF Vulnerability Exploited in 12 Hours Apr 22, 2026

AnalysisAI

Server-Side Request Forgery (SSRF) in InternLM LMDeploy's vision-language module allows remote unauthenticated attackers to access cloud metadata services, internal networks, and sensitive resources through unvalidated URL fetching in the load_image() function. Affects all versions prior to 0.12.3. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify LMDeploy vision-language API endpoint

Delivery

Craft inference request with malicious URL (metadata service or internal IP)

Exploit

LMDeploy server executes SSRF via load_image()

Execution

Retrieve sensitive data from response (credentials, internal documents, network mapping)

Impact

Leverage exposed credentials for lateral movement or data exfiltration

Access

Identify LMDeploy vision-language API endpoint

Delivery

Craft inference request with malicious URL (metadata service or internal IP)

Exploit

LMDeploy server executes SSRF via load_image()

Execution

Retrieve sensitive data from response (credentials, internal documents, network mapping)

Impact

Leverage exposed credentials for lateral movement or data exfiltration

Vulnerability AssessmentAI

Exploitation	Exploitation requires the LMDeploy deployment to expose the vision-language module's image processing API (specifically any endpoint that accepts user-supplied image URLs and invokes the load_image() function in lmdeploy/vl/utils.py). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Real-world risk is HIGH for deployments exposing LMDeploy's vision-language API to untrusted networks. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker identifies an internet-facing LMDeploy instance with vision-language capabilities deployed in AWS EC2. They send a crafted inference request with an image URL pointing to http://169.254.169.254/latest/meta-data/iam/security-credentials/ (AWS metadata service). …
Remediation	Upgrade to InternLM LMDeploy version 0.12.3 or later immediately, as confirmed by the official release at https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all InternLM LMDeploy deployments and identify running versions below 0.12.3; isolate affected instances from production if version cannot be confirmed. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-33626 vulnerability details – vuln.today

Back

Lmdeploy CVE-2026-33626

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

Articles & Coverage 1

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code