A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure.The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data.”A server-side
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html
