Code Defence Cyber security

LMDeploy SSRF vulnerability CVE-2026-33626 exploited within 13 hours of disclosure

A critical Server-Side Request Forgery vulnerability in a popular toolkit for deploying large language models is being actively weaponized to compromise AI serving infrastructure. The collapse of the exploit window to less than 13 hours highlights the speed at which adversaries are now automating the weaponization of new disclosures.

Tracked as CVE-2026-33626, the vulnerability impacts LMDeploy. An attacker can supply a malicious request that forces the server to interact with internal network resources or exfiltrate sensitive cloud metadata. This provides a direct path to steal LLM API keys and service account tokens from the host environment.

AI infrastructure is frequently deployed in segments with broad internal permissions to facilitate high-speed data processing. When an SSRF vulnerability exists in the serving layer, it effectively turns the AI model itself into a pivot point for unauthenticated access to the underlying cloud control plane.

– Immediately update LMDeploy to version 0.7.1 or higher to neutralize the SSRF vulnerability.

– Implement strict network egress filtering for all LLM serving nodes to prevent unauthorized connections to internal metadata services.

– Utilize a Web Application Firewall (WAF) to detect and block SSRF-style request patterns targeting the AI API.

– Audit all cloud IAM permissions for AI service accounts to ensure they adhere to the principle of least privilege.

The rapid exploitation of AI deployment tools demonstrates that these platforms are now a primary target for automated cloud-native reconnaissance.