A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure.
The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data.
"A server-side



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html