cyberMEDIUM2026-04-23 09:05 UTC

Attackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of Advisory

A critical Server-Side Request Forgery (SSRF) vulnerability in LMDeploy’s vision-language module was exploited in active attacks just 12 hours and 31 minutes after its public disclosure, with no proof-of-concept code required. On April 21, 2026, GitHub published security advisory GHSA-6w67-hwm5-92mq

ORIGINAL SOURCE →via GBHackers Security

⚡ STAY AHEAD

Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.

GET THE SUNDAY BRIEFING →

RELATED · cyber

[CYBER] Africa faces 86m tonne fuel shortfall by 2040 — Report
[CYBER] Dutch data-breach season continues as Rituals confirms a breach of its loyalty program (41M members across 33+ countries). Exact count not disclosed. Stolen: names, dates of birth, gender, addresses, email, phone nr, store & account types.
[CYBER] Myanmar’s scam centers are America’s problem too
[CYBER] The Credential Vending Revolution: How Polaris Eliminates Long-Lived Keys
[CYBER] U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog
[CYBER] North Korean Fake IT Workers Infiltrate Firms to Dodge Sanctions

Editorial policy · Report a correction