VulnHub

Real-time Cybersecurity News

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

The Hacker News
Actively Exploited
CVEVulnerabilityCritical

Overview

A serious security vulnerability in LMDeploy, a toolkit for managing large language models, has been actively exploited less than 13 hours after being made public. This flaw, designated as CVE-2026-33626, has a CVSS score of 7.5 and involves a Server-Side Request Forgery (SSRF) issue, which attackers can use to gain access to sensitive data. This incident poses significant risks for users and organizations that rely on LMDeploy for deploying and serving machine learning models. Given the rapid exploitation of this vulnerability, companies using LMDeploy should take immediate action to safeguard their systems. The swift response from attackers emphasizes the need for stringent monitoring and prompt patching of critical vulnerabilities.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: LMDeploy toolkit for compressing, deploying, and serving large language models.
  • Action Required: Users should immediately apply any available patches for LMDeploy, review server configurations to mitigate SSRF risks, and monitor for unusual access patterns.
  • Timeline: Disclosed on [date of disclosure]

Original Article Summary

A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data. "A server-side

Impact

LMDeploy toolkit for compressing, deploying, and serving large language models.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Disclosed on [date of disclosure]

Remediation

Users should immediately apply any available patches for LMDeploy, review server configurations to mitigate SSRF risks, and monitor for unusual access patterns. Organizations are advised to limit network permissions and validate incoming requests to prevent exploitation.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Vulnerability, Critical.

Read Original Article

Related Coverage

French Police Arrest HexDex Hacker Over Mass Data Theft and Leaks

Hackread – Cybersecurity News, Data Breaches, AI and More

French police have arrested a 20-year-old hacker known as HexDex, who is alleged to have stolen and leaked sensitive data from various targets, including government agencies, sports organizations, and private companies. The suspect is accused of orchestrating a series of cyberattacks that compromised a significant amount of confidential information. This incident raises concerns about the security measures in place at these institutions and the potential harm that could come from such data leaks. Authorities are investigating the full extent of the breaches and the impact on those affected. The case serves as a reminder of the ongoing risks posed by cybercriminals and the importance of robust cybersecurity practices.

Apr 24, 2026

Checkmarx supply chain attack impacts Bitwarden npm distribution path

Security Affairs

The Bitwarden command-line interface (CLI) version 2026.4.0 has been compromised as part of the Checkmarx supply chain attack, which introduced malicious code into the bw1.js file through a compromised GitHub Action. This incident raises concerns for users of Bitwarden, a popular password management tool, as the malicious code could potentially expose sensitive information. Researchers are warning that this breach is part of a larger ongoing campaign, which could impact other software and systems if not addressed. Users of the affected version should take immediate action to secure their systems and check for any unauthorized access. This incident serves as a reminder of the vulnerabilities present in software supply chains and the need for vigilance among developers and users alike.

Apr 24, 2026

Bitwarden NPM Package Hit in Supply Chain Attack

SecurityWeek

A recent supply chain attack has targeted the Bitwarden NPM package, linked to a group called TeamPCP. This incident draws parallels to the Shai-Hulud worm, indicating a significant threat to developers using the Bitwarden package for password management solutions. The attack raises concerns about the security of software dependencies, as malicious code can be injected into widely used packages. Developers and organizations relying on Bitwarden should be vigilant and assess their systems for any signs of compromise. The incident underscores the ongoing risks associated with supply chain attacks in the software development ecosystem.

Apr 24, 2026

PhantomRPC: A new privilege escalation technique in Windows RPC

Securelist

Researchers at Kaspersky have identified a new vulnerability in the Remote Procedure Call (RPC) architecture of Windows. This flaw allows an attacker to set up a counterfeit RPC server, which they can then use to gain elevated privileges on a target system. The implications of this vulnerability are significant, as it could enable attackers to execute malicious actions with higher access rights, potentially compromising sensitive data and system integrity. Organizations using affected systems should be vigilant and consider implementing security measures to defend against this exploitation. The discovery emphasizes the need for regular updates and security practices to mitigate such risks.

Apr 24, 2026

A study of 1,000 Android apps finds a privacy policy logging gap

Help Net Security

A recent study examining 1,000 Android apps revealed a significant disconnect between the logging practices of developers and the privacy policies drafted by legal teams. Developers often include log statements for debugging and performance tracking, but these logs may not align with what is disclosed in the apps' privacy policies. This inconsistency raises concerns about compliance with regulations like the General Data Protection Regulation (GDPR), as users may not be fully informed about the data being collected and how it's used. The findings suggest that companies need to improve communication between their development and legal teams to ensure transparency and proper user consent. This gap not only affects user trust but also increases the risk of legal repercussions for the companies involved.

Apr 24, 2026

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Latest news

Cybercriminals have discovered a method to manipulate artificial intelligence systems through indirect prompt injection attacks. This technique tricks AI into revealing sensitive information, executing harmful code, or redirecting users to malicious websites. Such attacks can potentially compromise personal data and security, affecting both individuals and organizations that rely on AI technologies. Researchers emphasize the need for robust security measures to protect against these tactics, as the implications for data privacy and system integrity are significant. Users and companies alike should be aware of these risks and implement strategies to mitigate them.

Apr 24, 2026