A critical Server-Side Request Forgery (SSRF) vulnerability in LMDeploy’s vision-language module was exploited in active attacks just 12 hours and 31 minutes after its public disclosure, with no proof-of-concept code required. On April 21, 2026, GitHub published security advisory GHSA-6w67-hwm5-92mq, later assigned CVE-2026-33626, a high-severity SSRF flaw (CVSS 7.5) in LMDeploy, an open-source toolkit developed by Shanghai […]
The post Attackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of Advisory appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Read the original article: