← back
CVE-2026-33626

LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

CVSS 7.5 HIGHEPSS 45.3%CWE-918
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
InternLM · lmdeploy
public PoCs found1
githubgithub.com/rootdirective-sec/CVE-2026-33626-Lab0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626https://github.com/InternLM/lmdeploy/pull/4447https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq