CVE-2026-33626

Tags: HIGH · EXPLOITED · NUCLEI · LAB

LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

Title source: cna

Exploitation Summary

CVE-2026-33626 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including rootdirective-sec. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept for CVE-2026-33626, demonstrating an SSRF vulnerability in LMDeploy's vision-language image loading path. It includes Dockerized environments for both vulnerable (0.12.0) and patched (0.12.3) versions, along with a Python PoC script to test the vulnerability.

Description

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.
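The description boils down to one missing control: a server-side fetcher that takes a client-supplied image URL must decide, before connecting, whether the destination is somewhere a server should be reaching on a user's behalf. The following is an added illustration of that control, written for this record and not taken from LMDeploy or its 0.12.3 fix; the function names (`check_image_url`, `is_blocked_ip`), the blocked-network list and the constructed DNS table are all assumptions. It checks the scheme, refuses credentials in the URL, resolves the hostname (IP literals included) and rejects any address in loopback, link-local, private or IPv4-mapped ranges.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical guard (not LMDeploy's code). Networks a server-side fetcher
# should never reach when the URL originates from an untrusted client.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def default_resolver(host):
    """Resolve a hostname to every address it maps to (IPv4 and IPv6)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def constructed_resolver(host):
    """Constructed, offline stand-in for DNS used by the demo and tests."""
    table = {
        "metadata.example.internal": {"169.254.169.254"},  # constructed name
        "images.example.com": {"203.0.113.10"},            # TEST-NET-3 doc range
    }
    if host not in table:
        raise socket.gaierror(f"constructed resolver: no record for {host}")
    return table[host]


def is_blocked_ip(ip_text):
    """True when the address falls in a range the fetcher must not contact."""
    ip = ipaddress.ip_address(ip_text)
    # An IPv4-mapped IPv6 literal (::ffff:a.b.c.d) must be judged as IPv4,
    # otherwise it slips past a purely IPv4 blocklist.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def check_image_url(url, resolver=default_resolver):
    """Return (ok, reason) for a client-supplied image URL.

    Rejects non-http(s) schemes, userinfo in the URL, unresolvable hosts,
    and any host that resolves to a blocked address.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    try:
        # IP literal: no DNS needed, check it directly.
        addrs = {str(ipaddress.ip_address(parts.hostname))}
    except ValueError:
        try:
            addrs = resolver(parts.hostname)
        except (socket.gaierror, OSError) as exc:
            return False, f"resolution failed: {exc}"
    for addr in addrs:
        if is_blocked_ip(addr):
            return False, f"{parts.hostname} resolves to blocked address {addr}"
    return True, "ok"


if __name__ == "__main__":
    samples = [
        "https://images.example.com/cat.png",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:127.0.0.1]:8000/",
        "http://metadata.example.internal/",
        "file:///etc/hostname",
    ]
    for u in samples:
        ok, why = check_image_url(u, resolver=constructed_resolver)
        print(f"{'ALLOW' if ok else 'BLOCK':5} {u}  ({why})")
```

Two caveats matter when wiring a check like this into a real fetcher: redirects must be re-validated at every hop (the first URL can be clean and the 302 target internal), and the address that passed validation should be the one actually connected to, since a second DNS lookup inside the HTTP client reopens the rebinding window.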

Exploits (1)

nomisec · WORKING POC
by rootdirective-sec · poc
https://github.com/rootdirective-sec/CVE-2026-33626-Lab


Classification: Working PoC 100%
Attack Type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: LMDeploy versions 0.12.0 and earlier
Authentication: none needed
Prerequisites: Docker · Docker Compose · Python 3
Analysis: devstral-2 · analyzed May 13, 2026

Nuclei Templates (1)

LMDeploy - Server-Side Request Forgery · HIGH · by theamanrawat

Scores

CVSS v3: 7.5
EPSS: 0.0870
EPSS Percentile: 92.7%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

VulnCheck KEV: 2026-04-22
CWE: CWE-918
Status: published
Products (3)
internlm/lmdeploy < 0.12.3
InternLM/lmdeploy < 0.12.3
pypi/lmdeploy 0PyPI
Published: Apr 20, 2026
Tracked Since: Apr 21, 2026