
"A server-side request forgery (SSRF) vulnerability exists in LMDeploy's vision-language module. The load_image() function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources."
"Successful exploitation of the vulnerability could permit an attacker to steal cloud credentials, reach internal services that aren't exposed to the internet, port scan internal networks, and create lateral movement opportunities."
"The attacker did not simply validate the bug and move on. Instead, over a single eight-minute session, they used the vision-language image loader as a generic HTTP SSRF primitive to port-scan the internal network behind the model server."
A critical SSRF vulnerability in LMDeploy, tracked as CVE-2026-33626, was exploited within 13 hours of its disclosure. The flaw affects all versions prior to 0.12.0: the vision-language image loader fetches attacker-supplied URLs without checking whether the destination resolves to an internal or private address, so a request can be steered at cloud metadata endpoints and at services that are not reachable from the internet. Successful exploitation can yield cloud credentials and access to internal services. Sysdig detected the first exploitation attempt shortly after the vulnerability was published, which underlines how quickly a disclosure of this kind is weaponised.
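The missing check described above is a destination guard: the loader must resolve the host, refuse any answer that is not a public unicast address, and then connect to the address it validated rather than resolving again. The following is an added example written for this page, not LMDeploy's own code and not its fix; every name in it (UnsafeURL, validate_image_url, fetch_image, is_blocked_url, FAKE_DNS) is hypothetical, and FAKE_DNS is a constructed table so the guard can be exercised offline. Beyond the RFC 1918 and metadata cases the article mentions, it also rejects IPv4-mapped IPv6 targets, records that mix public and private answers, and the 100.64.0.0/10 shared range, and it re-validates every redirect hop.

```python
# Added example, not LMDeploy's own code: a destination guard for an image loader that
# fetches user-supplied URLs. All names are hypothetical; FAKE_DNS is constructed data.
import http.client
import ipaddress
import socket
import ssl
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class UnsafeURL(ValueError):
    """Raised when a URL would reach a non-public destination."""


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast: rejects loopback, RFC 1918, link-local
    (which covers 169.254.169.254), 100.64.0.0/10, multicast, reserved, unspecified."""
    addr = ipaddress.ip_address(ip.split("%", 1)[0])  # drop any IPv6 zone id
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.5 must be judged as 10.0.0.5
    if (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified):
        return False
    return addr.is_global  # also False for the 100.64.0.0/10 shared space


def resolve_all(host: str) -> list:
    """Every A/AAAA answer, so a record mixing public and private addresses is caught;
    getaddrinfo also normalises literals like 0x7f000001 or 2130706433 to 127.0.0.1."""
    return sorted({i[4][0] for i in socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)})


def validate_image_url(url: str, resolver=resolve_all):
    """Return (host, port, pinned_ip) when every resolved address is public, else raise
    UnsafeURL. Connect to pinned_ip and never re-resolve: a DNS-rebinding server answers
    with a public address for the check and a private one for the fetch."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password or not parts.hostname:
        raise UnsafeURL("URL must have a host and no embedded credentials")
    try:
        port = parts.port or (443 if scheme == "https" else 80)
        candidates = resolver(parts.hostname)
    except (ValueError, socket.gaierror) as exc:  # bad port or unresolvable name
        raise UnsafeURL(f"cannot use {url!r}: {exc}") from exc
    if not candidates or not all(is_public_address(ip) for ip in candidates):
        raise UnsafeURL(f"{parts.hostname!r} resolves to a non-public address")
    return parts.hostname, port, candidates[0]


def is_blocked_url(url: str, resolver=resolve_all) -> bool:
    try:
        validate_image_url(url, resolver)
    except UnsafeURL:
        return True
    return False


class PinnedHTTPSConnection(http.client.HTTPSConnection):
    """TLS to a fixed IP while SNI and certificate checks still use the real name."""

    def __init__(self, ip, port, server_hostname, timeout):
        super().__init__(ip, port, timeout=timeout, context=ssl.create_default_context())
        self._server_hostname = server_hostname

    def connect(self):
        sock = socket.create_connection((self.host, self.port), self.timeout)
        self.sock = self._context.wrap_socket(sock, server_hostname=self._server_hostname)


def fetch_image(url: str, max_redirects=3, max_bytes=10 * 1024 * 1024, resolver=resolve_all):
    """Fetch url, re-validating every redirect hop and never resolving a second time."""
    for _ in range(max_redirects + 1):
        host, port, ip = validate_image_url(url, resolver)
        parts = urlsplit(url)
        if parts.scheme.lower() == "https":
            conn = PinnedHTTPSConnection(ip, port, host, timeout=10)
        else:
            conn = http.client.HTTPConnection(ip, port, timeout=10)
        path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        if resp.status in (301, 302, 303, 307, 308):
            url = urljoin(url, resp.getheader("Location", ""))
            conn.close()
            continue  # the new target is validated again at the top of the loop
        data = resp.read(max_bytes + 1)
        conn.close()
        if resp.status != 200 or len(data) > max_bytes:
            raise UnsafeURL(f"rejected response from {host!r} (status {resp.status})")
        return data
    raise UnsafeURL("too many redirects")


# Constructed DNS table (not real records) so the guard can be exercised offline.
FAKE_DNS = {
    "images.example": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],  # one public, one private answer
    "mapped.example": ["::ffff:10.0.0.5"],
}


def fake_resolver(host: str) -> list:
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed NXDOMAIN for {host}")
    return FAKE_DNS[host]
```

Two design points worth noting. First, the check runs on resolved addresses, not on the hostname string, so hex, decimal and IPv4-mapped spellings of a loopback or metadata address are caught after getaddrinfo normalises them; a regex on the URL would not catch them. Second, the fetch connects to the pinned IP and sets the Host header (and, for TLS, the SNI name) by hand; without that, a rebinding server could pass validation with a public answer and serve a private one on the loader's second lookup. A deployment that only ever needs a few image hosts should go further and allow-list those hosts rather than deny-list address ranges.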
Read at The Hacker News