(sysdig.com) LMDeploy SSRF Vulnerability CVE-2026-33626 Exploited Within Hours of Disclosure Against AI Inference Infrastructure
A new SSRF in LMDeploy (CVE-2026-33626) was exploited 12h31m after disclosure against AI inference infrastructure. The attacker scanned AWS IMDS, Redis, MySQL, and admin endpoints via a crafted image_url in /v1/chat/completions. Out-of-band DNS to requestrepo.com confirmed blind SSRF.
In brief - A critical SSRF in LMDeploy, used for vision-language models, was weaponized within hours of disclosure. Attackers targeted cloud metadata, internal services, and inference clusters, highlighting rapid exploitation of AI infrastructure vulnerabilities.
Technically - CVE-2026-33626 stems from missing hostname validation in LMDeploy’s image URL loader. The attacker sent POST requests carrying SSRF payloads aimed at 169.254.169.254 (IMDS), 127.0.0.1:6379/3306/8080, and /distserve/p2p_drop_connect. Detection relies on Falco rules for IMDS contact; remediation requires LMDeploy v0.12.3, IMDSv2 with httpTokens=required, and VPC egress controls.
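As an added example (not LMDeploy's code and not from the Sysdig writeup), this is the kind of hostname validation whose absence the summary attributes to CVE-2026-33626: a guard that vets a user-supplied image_url before any fetch and refuses URLs that land on IMDS, loopback services such as Redis/MySQL, or private ranges. The function names, the resolver hook and the allowlist option are assumptions of this example.

```python
"""Guard for user-supplied image URLs (added illustration, not LMDeploy code)."""
import ipaddress
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]  # hostname -> IP address strings


def system_resolver(host: str) -> list[str]:
    """Resolve with the OS resolver; returns every A/AAAA answer."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def check_image_url(url: str, *, allowed_hosts: Optional[set] = None,
                    resolve: Resolver = system_resolver) -> Optional[str]:
    """Return None if the URL may be fetched, otherwise the reason it was refused."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return "missing hostname"
    if parts.username or parts.password:
        return "credentials in URL not allowed"
    # An explicit allowlist is the strongest option: unknown hosts are never
    # resolved, so the check itself cannot be used as an out-of-band DNS signal
    # (the blind-SSRF confirmation technique the writeup describes).
    if allowed_hosts is not None:
        if host.lower() in allowed_hosts:
            return None
        return f"host not in allowlist: {host}"
    try:
        addrs = list(resolve(host))
    except (socket.gaierror, UnicodeError) as exc:
        return f"resolution failed: {exc}"
    if not addrs:
        return "hostname has no addresses"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        # is_global is False for loopback (127.0.0.1), link-local (which
        # includes IMDS at 169.254.169.254), RFC 1918 / ULA and reserved ranges.
        if not ip.is_global:
            return f"{host} resolves to non-public address {ip}"
    return None
```

The HTTP client must then connect to the address that was vetted rather than resolving the hostname a second time, otherwise a DNS answer that changes between check and fetch (rebinding) bypasses the guard.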