Skip to content
The Nexus
SECURITYApr 24 · 07:24 UTCTHE HACKER NEWS[email protected] (The Hacker News)

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

A high-severity SSRF vulnerability (CVE-2026-33626) in LMDeploy, an open-source LLM deployment toolkit, was actively exploited in the wild within 13 hours of disclosure. The flaw, rated CVSS 7.5, allows attackers to access sensitive data via server-side request forgery.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this