CVE-2026-33626 Scanner

LMDeploy is a toolkit designed for compressing, deploying, and serving large language models. It is widely utilized in environments where efficient model deployment is crucial, such as cloud-based AI platforms and research institutions. The software allows seamless integration and functionality across various machine learning applications. Its primary purpose is to facilitate the deployment of AI models with minimal configuration, making it ideal for researchers and developers. With its growing adoption, it plays a significant role in automating and optimizing model-serving workflows. Organizations leverage LMDeploy to ensure high efficiency and performance in AI-driven tasks.

The Server-Side Request Forgery (SSRF) vulnerability allows attackers to manipulate servers to make unintended requests. This specific flaw in LMDeploy can enable unauthenticated individuals to access internal services and cloud metadata by exploiting certain request parameters. It represents a serious security risk, as it can bypass traditional network defenses and directly interface with sensitive resources. SSRF vulnerabilities typically arise from inadequate validation of user-supplied URLs. LMDeploy's failure to validate URL safety allows attackers to target internal systems and potentially disclose information. Being high-severity, it requires prompt attention to mitigate potential damage.

The vulnerability specifically resides in the load_image() function within lmdeploy/vl/utils.py of LMDeploy versions prior to 0.12.3. This function fetches URLs without properly validating internal or private IP addresses. An attacker can exploit this by inserting malicious URLs within the image_url parameter of /v1/chat/completions requests. The server can then be coerced into making requests to internal or external addresses, leading to a variety of security concerns. It's critical to ensure URL handling correctly delineates between valid and potentially harmful destinations. In essence, the vulnerability highlights insufficient input sanitization regarding URL fetching.

Exploitation of this SSRF vulnerability can lead to significant adverse effects. Once an attacker leverages the flaw, they can gain unauthorized access to sensitive cloud services, potentially stealing credentials from metadata services. There is also a risk of internal service enumeration, allowing malicious actors to map internal networks. Further, information disclosure may occur, which can inform other strategic attacks. Organizations could face data breaches, service disruptions, and potential financial losses. Hence, addressing this vulnerability is of utmost importance to prevent security compromises.

REFERENCES

• https://github.com/advisories/GHSA-6w67-hwm5-92mq
• https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq
• https://nvd.nist.gov/vuln/detail/CVE-2026-33626