A critical Server-Side Request Forgery (SSRF) vulnerability in LMDeploy’s vision-language module was exploited in active attacks just 12 hours and 31 minutes after its public disclosure, with no proof-of-concept code required. On April 21, 2026, GitHub published security advisory GHSA-6w67-hwm5-92mq, later assigned CVE-2026-33626, a high-severity SSRF flaw (CVSS 7.5) in LMDeploy, an open-source toolkit developed by Shanghai […] The post Attackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of Advisory appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/attackers-exploit-lmdeploy-flaw/
