CVE-2026-33626
Severity CVSS v4.0:
Pending analysis
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
20/04/2026
Last modified:
23/04/2026
Description
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:internlm:lmdeploy:*:*:*:*:*:*:*:* | 0.12.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626
- https://github.com/InternLM/lmdeploy/pull/4447
- https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3
- https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq
- https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq