CVE-2026-33626 HIGH

CVE-2026-33626: LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

Vendor Internlm

Product lmdeploy

Weakness CWE-918 · SSRF

Published April 20, 2026

Last update April 21, 2026

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.

Key dates

02Disclosure timeline

April 20, 2026 CVE published

April 21, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-33626 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

CVE-2026-33626: LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

01Description

02Disclosure timeline

03References

04Related CVE