CVE-2026-33626: LMDeploy (Open-source LLM Toolkit)

CVSSawaiting NVD

ExploitationNo exploitation reported

Triage statusUnder Review

ActionSchedule for next cycle

Affected product

LMDeploy (Open-source LLM Toolkit)

Remediation Steps

Update LMDeploy to patched version immediately via pip or package manager
Audit server logs for SSRF attack attempts targeting internal resources
Implement network-level restrictions on outbound requests from LMDeploy instances
Review and restrict IAM permissions for LMDeploy service accounts
Deploy Web Application Firewall rules to block suspicious SSRF patterns

References

https://github.com/InternLM/lmdeploy/releases
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33626
https://nvd.nist.gov/vuln/detail/CVE-2026-33626

Coverage on defend.network

Vulnerability Priority Report – Week 4 of April 2026 (April 27 – May 3)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

Affected product

Remediation Steps

References

Coverage on defend.network

Get Critical CVE Alerts