CVE-2026-33626: How attackers exploited LMDeploy LLM Inference Engines in 12 hours
Blog post from Sysdig
CVE-2026-33626 is a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy, a toolkit for deploying and serving large language and vision-language models, and it was exploited in the wild within 12 hours of disclosure. The Sysdig Threat Research Team observed an attacker using it to turn the inference server into a port scanner for its own internal network, probing the AWS Instance Metadata Service (IMDS), Redis, MySQL and other endpoints that are reachable only from inside the deployment. The speed illustrates a pattern in which attackers work directly from a detailed advisory and do not wait for public proof-of-concept code. It also shows why SSRF is especially dangerous in AI infrastructure: an inference endpoint that fetches attacker-supplied URLs can be pointed at cloud metadata services, and a successful request to IMDS can expose the IAM credentials of the instance. Defenses are the usual ones, applied deliberately: upgrade to a fixed LMDeploy version, restrict egress from inference hosts so that only the destinations they legitimately need are reachable (and block the metadata service outright, or require IMDSv2 session tokens so a plain GET via SSRF returns nothing), and run a runtime detection tool that alerts on unexpected outbound connections from the inference process.
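The two practical defenses above, as an added example that is not LMDeploy's code, Sysdig's detection rule, or anything from the advisory: a guard that validates a user-supplied fetch URL before the server requests it (rejecting loopback, link-local including IMDS, private and IPv4-mapped addresses, and a name that resolves to any such address), and a detection pass that flags an inference process making a burst of connections to internal-only destinations, which is the scan pattern described in the post. The connection events, the process names (`python`, `lmdeploy`) and the thresholds are constructed for the example and are assumptions, not real telemetry.

```python
"""Added example: SSRF fetch guard plus a detector for SSRF-driven internal
port scans. Not LMDeploy code; process names and events are constructed."""
import ipaddress
import socket
from collections import defaultdict
from urllib.parse import urlparse

# Destinations an inference server should never fetch on a user's behalf.
# 169.254.0.0/16 covers the AWS IMDS at 169.254.169.254; ::ffff:0:0/96 catches
# IPv4-mapped IPv6 literals such as ::ffff:127.0.0.1.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]


def ip_is_blocked(ip):
    """True for anything internal, link-local, or otherwise non-routable."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETS) or not addr.is_global


def literal_address(host):
    """Parse IP literals, including the bare-decimal form that inet_aton
    accepts ("2852039166" is 169.254.169.254). Returns None for hostnames."""
    try:
        return ipaddress.ip_address(int(host) if host.isdigit() else host)
    except ValueError:
        return None


def resolve_all(host):
    """Default resolver: every address the name maps to (A and AAAA)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_fetch_url(url, resolver=resolve_all):
    """Return (ok, reason). Every resolved address is checked, so a name with
    one public and one internal record is still rejected. The caller must then
    connect to the address that was checked (pin it) rather than re-resolving,
    or a DNS rebinding race reopens the hole."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parsed.hostname
    if not host:
        return False, "no host"
    lit = literal_address(host)
    if lit is not None:
        addrs = {str(lit)}
    else:
        try:
            addrs = resolver(host)
        except (socket.gaierror, OSError):
            return False, "unresolvable"
    for a in addrs:
        if ip_is_blocked(a):
            return False, f"blocked address {a}"
    return True, "ok"


# Constructed connection events (assumed sensor output, not real data):
# (timestamp, process name, destination ip, destination port).
INFERENCE_PROCS = {"python", "lmdeploy"}  # assumed names of the server process
EVENTS = [
    (100.0, "python", "169.254.169.254", 80),    # IMDS
    (100.2, "python", "127.0.0.1", 6379),        # Redis
    (100.4, "python", "10.0.1.12", 3306),        # MySQL
    (100.5, "python", "10.0.1.12", 5432),
    (100.9, "python", "10.0.1.13", 9200),
    (101.0, "curl", "93.184.216.34", 443),       # public destination, ignored
    (130.0, "python", "10.0.1.14", 22),          # outside the burst window
]


def find_internal_scans(events, procs=INFERENCE_PROCS, window=10.0, min_targets=3):
    """Alert when an inference process reaches >= min_targets distinct internal
    (ip, port) pairs within `window` seconds. A single internal hit may be one
    SSRF probe; a burst across hosts and ports is the scan. Returns a list of
    (process, first_timestamp, sorted targets), one per process."""
    per_proc = defaultdict(list)
    for ts, proc, ip, port in sorted(events):
        if proc in procs and ip_is_blocked(ip):
            per_proc[proc].append((ts, (ip, port)))
    alerts = []
    for proc, hits in per_proc.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            targets = {t for _, t in hits[start:end + 1]}
            if len(targets) >= min_targets:
                alerts.append((proc, hits[start][0], sorted(targets)))
                break
    return alerts


if __name__ == "__main__":
    for u in ("http://169.254.169.254/latest/meta-data/", "http://2852039166/",
              "http://[::ffff:127.0.0.1]/", "redis://127.0.0.1:6379"):
        print(u, is_safe_fetch_url(u))
    print(find_internal_scans(EVENTS))
```

The guard is the application-level half of egress control and the detector is the runtime half; neither replaces a network policy on the host, because a guard only covers the code path it is wired into, while the detector fires only after a connection has been attempted.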