> TritonInfoSec News
Home / Apr 25, 2026 / Story
0
#3 The Hacker News general April 24, 2026 at 07:24 UTC

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

By [email protected] (The Hacker News)

AI Summary

CVE-2026-33626, a Server-Side Request Forgery vulnerability in LMDeploy (an open-source LLM toolkit), was exploited in the wild within 13 hours of public disclosure. The high-severity flaw (CVSS 7.5) allows attackers to access sensitive data through SSRF attacks against AI model deployment infrastructure.

Read full article → https://thehackernews.com/2026/04/lmdeploy-cve-202…

Relevance score: 88.0/100

# More from April 25

  1. 1
    Firestarter malware survives Cisco firewall updates, security patches BleepingComputer
  2. 2
    New ‘Pack2TheRoot’ flaw gives hackers root Linux access BleepingComputer
  3. 4
    Bitwarden NPM Package Hit in Supply Chain Attack SecurityWeek
  4. 5
    Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks BleepingComputer
  5. 6
    ADT confirms data breach after ShinyHunters leak threat BleepingComputer
  6. 7
    26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases The Hacker News
  7. 8
    NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software The Hacker News
  8. 9
    Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2 The Hacker News
  9. 10
    China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors The Hacker News