Achin Bansal

Originally published at gridthegrey.com

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

Forensic Summary

A critical SSRF vulnerability in LMDeploy (CVE-2026-33626), an open-source LLM deployment toolkit, was actively exploited within 13 hours of public disclosure. Attackers used the vision-language image loader to probe cloud metadata services and internal networks and to exfiltrate data. The attack pattern demonstrates that AI inference infrastructure is being weaponised at a speed comparable to traditional CVE exploitation cycles, with no PoC required. This incident reinforces a broader trend of threat actors treating LLM-serving infrastructure as high-value lateral movement targets.


Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/lmdeploy-cve-2026-33626-flaw-exploited-within-13-hours-of-disclosure/
