A high-severity SSRF vulnerability in LMDeploy, an open-source toolkit for large language model deployment, is actively being exploited in the wild within 13 hours of public disclosure. CVE-2026-33626 (CVSS 7.5) could allow attackers to access sensitive systems through Server-Side Request Forgery attacks.