CVE-2026-33626

Name of the Vulnerable Software and Affected Versions LMDeploy versions prior to 0.12.3

Description A Server-Side Request Forgery (SSRF) issue exists in the vision-language module. The load image() and encode image base64() functions in lmdeploy/vl/utils.py fetch arbitrary URLs without validating internal or private IP addresses. This allows attackers to access internal networks, sensitive resources, and cloud metadata services. An attacker can exploit this by sending a request to the '/v1/chat/completions' endpoint using a malicious image url variable.

Recommendations Update to version 0.12.3. As a temporary workaround, restrict access to the load image() and encode image base64() functions or avoid using the image url variable in the '/v1/chat/completions' endpoint until the update is applied.