A new Server-Side Request Forgery (SSRF) flaw in LMDeploy, tracked as CVE-2026-33626, has been weaponized in the wild just 12 hours and 31 minutes after its public GitHub advisory went live. LMDeploy is a toolkit developed by Shanghai AI Laboratory’s InternLM project for serving vision-language and text LLMs through an OpenAI-compatible API, and is widely […] The post New LMDeploy Vulnerability Exploited in the Wild Just 12 Hours After Public Advisory appeared first on Cyber Security News.