Dossier
LMDeploy
Coverage of LMDeploy in the Nexus archive.
- LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity SSRF vulnerability (CVE-2026-33626) in LMDeploy, an open-source LLM deployment toolkit, was actively exploited in the wild within 13 hours of disclosure. The flaw, rated CVSS 7.5, allows attackers to access sensitive data via server-side request forgery.