Back to KEVs

CVE-2026-33626

LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

Basic Information

CVE State
PUBLISHED
Reserved Date
March 23, 2026
Published Date
April 20, 2026
Last Updated
April 21, 2026
Vendor
InternLM
Product
lmdeploy
Description
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC Information

Exploitation
poc
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2026-04-24 18:15:40 UTC) Source

References

https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq https://github.com/InternLM/lmdeploy/pull/4447 https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626 https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2026-04-24 18:15:40 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-33626.yaml 2026-06-01 15:34:44 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Nuclei