LMDeploy SSRF Was Exploited Within 12 Hours of Disclosure | Security
A newly disclosed LMDeploy SSRF bug became exploitable in hours, turning exposed vision model endpoints into pivots for metadata theft, internal service discov…
Published on MyPrivateClaw
Apr 23, 2026, 6:38 AM UTC
Coverage date
Apr 23, 2026
Last updated
Apr 25, 2026, 8:04 AM UTC
News summary
This is the kind of story The Edge should treat as operator critical, not just security theater. When an inference stack can be turned into an internal HTTP probe, the risk is not limited to model uptime. It extends to cloud metadata, adjacent services, and the rest of the infrastructure wrapped around the model endpoint.[1] [2] Sysdig says CVE-2026-33626 affected LMDeploy’s handling of image URL inputs inside a vision-language workflow, allowing server-side requests to internal or sensitive destinations. According to Sysdig’s timeline, the first exploitation attempt landed roughly 12 hours after public disclosure, with observed probes aimed at AWS instance metadata, Redis, MySQL, and other local services.[1] Tenable’s CVE record independently describes the issue as an SSRF flaw in LMDeploy versions prior to 0.12.3.[2] Sysdig reports that the attacker used LMDeploy’s image loader as a g…
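The flaw class described above (an image URL supplied with the request is fetched server-side, so the fetcher reaches whatever the URL points at, including the metadata endpoint and local services) is usually closed by vetting the destination before the fetch. What follows is an added example written for this summary; it is not LMDeploy's code and not the fix that shipped in 0.12.3. The function names, the port allow-list, the `UrlVerdict` result type and the fake DNS table are assumptions for illustration.

```python
import ipaddress
import socket
from dataclasses import dataclass, field
from typing import Callable, Iterable, List
from urllib.parse import urlsplit

# Hypothetical resolver contract: hostname -> the addresses it resolves to.
Resolver = Callable[[str], Iterable[str]]

# Assumed policy: image fetches only over HTTP(S) on the standard ports, so a
# public host cannot be used to bounce into Redis (6379) or MySQL (3306) either.
ALLOWED_SCHEMES = frozenset({"http", "https"})
ALLOWED_PORTS = frozenset({80, 443})


@dataclass
class UrlVerdict:
    ok: bool
    reason: str
    # Addresses the fetcher must connect to (pinned, so a second DNS lookup at
    # connect time cannot be rebound to an internal address).
    pinned_ips: List[str] = field(default_factory=list)


def system_resolver(host: str) -> Iterable[str]:
    """Resolve through the OS resolver; the offline demo injects a fake instead."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_forbidden_address(text: str) -> bool:
    """True if an IP string points anywhere an image fetch must never reach."""
    ip = ipaddress.ip_address(text)
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so the IPv4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for loopback, RFC 1918, link-local (169.254.0.0/16,
    # which holds the AWS instance metadata address), CGNAT, unspecified and
    # reserved space; multicast is rejected explicitly as well.
    return (not ip.is_global) or ip.is_multicast


def check_image_url(url: str, resolver: Resolver = system_resolver) -> UrlVerdict:
    """Decide whether a user-supplied image URL may be fetched server-side."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return UrlVerdict(False, f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        return UrlVerdict(False, "userinfo in URL not allowed")
    host = parts.hostname
    if not host:
        return UrlVerdict(False, "missing host")
    try:
        port = parts.port
    except ValueError:
        return UrlVerdict(False, "invalid port")
    port = port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return UrlVerdict(False, f"port not allowed: {port}")
    # A literal IP is checked directly. Anything else (hostnames, but also
    # decimal/octal IP spellings the URL parser does not recognise) goes through
    # the resolver, and every returned address must pass, because a hostname
    # can mix a public record with an internal one.
    try:
        ipaddress.ip_address(host)
        candidates = [host]
    except ValueError:
        try:
            candidates = list(resolver(host))
        except OSError as exc:
            return UrlVerdict(False, f"resolution failed: {exc}")
        if not candidates:
            return UrlVerdict(False, "host did not resolve")
    for addr in candidates:
        if is_forbidden_address(addr):
            return UrlVerdict(False, f"{host} -> {addr} is not a public address")
    return UrlVerdict(True, "ok", candidates)


# Constructed fake DNS table so the demo runs offline (not real records).
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "rebind.example.com": ["93.184.216.34", "10.0.0.5"],  # mixed public/internal
}


def fake_resolver(host: str) -> Iterable[str]:
    if host not in FAKE_DNS:
        raise OSError("NXDOMAIN")
    return FAKE_DNS[host]


if __name__ == "__main__":
    # Constructed sample inputs modelled on the probe targets named in the summary.
    for u in ["http://169.254.169.254/latest/meta-data/", "http://127.0.0.1:6379/",
              "http://10.0.0.5:3306/", "http://[::ffff:169.254.169.254]/",
              "http://rebind.example.com/a.png", "https://images.example.com/cat.png"]:
        print(u, "->", check_image_url(u, fake_resolver))
```

Two caveats belong with this check. The fetch itself must not follow redirects automatically: a public host can answer `302 Location: http://169.254.169.254/...`, so each hop has to be passed through `check_image_url` before it is requested. And the connection should be made to the addresses in `pinned_ips` rather than by resolving the hostname a second time, otherwise a short-TTL record can be rebound to an internal address between the check and the connect.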