Imds

2026-05-31
SSRF to the Model, Model to the Cloud: The Inference Layer Is 2026's Softest Attack Surface
Model gateways and inference servers are repeating two decades of solved web-security mistakes — default-open binds, pickle RCE, pre-auth SQLi, and SSRF straight into cloud credentials. A field guide to the AI control plane's softest links and how to harden them before the next 36-hour exploitation window.
ai-infrastructure ai-inference ssrf rce deserialization litellm vllm ollama imds cisa-kev trend-analysis
vulnerabilities 2026-04-26
LMDeploy CVE-2026-33626: SSRF in LLM Inference Server Exploited 12 Hours After Disclosure, Honeypot Sees AWS IMDS Theft
A 7.5-severity SSRF in Shanghai AI Lab's LMDeploy LLM serving toolkit was hit in the wild within 12h31m of the GitHub advisory. Sysdig's honeypot caught an attacker using the vision-language image loader to scrape AWS instance metadata, then pivot to internal Redis and MySQL.
lmdeploy cve-2026-33626 ssrf ai-infrastructure aws imds llm cloud-security
vulnerabilities 2026-04-24
LMDeploy SSRF (CVE-2026-33626) Weaponized in 12 Hours to Loot GPU IAM Credentials
A Server-Side Request Forgery in LMDeploy's vision-language image loader turned LLM inference nodes into SSRF primitives for cloud metadata theft — exploited 12 hours and 31 minutes after disclosure.
ssrf lmdeploy ai-infrastructure imds cloud-metadata cve-2026-33626

SSRF to the Model, Model to the Cloud: The Inference Layer Is 2026's Softest Attack Surface