Cyber Threat Brief — April 24 2026
⚠️ This report is AI-generated. Always validate findings.
1. LMDeploy LLM Inference SSRF — CVE-2026-33626
TL;DR: SSRF in LMDeploy’s vision-language image loader lets unauthenticated attackers reach cloud metadata, internal services, and exfiltrate credentials. Exploited in the wild within 12 hours of the April 21 advisory — no public PoC needed.
What’s New:
- `load_image()` in `lmdeploy/vl/utils.py` fetches arbitrary URLs with zero validation against private/link-local ranges
- Sysdig honeypots caught first exploitation at 03:35 UTC April 22 from 103.116.72[.]119 (Hong Kong)
- Attacker probed AWS IMDS (169.254.169.254) for IAM credential theft, then pivoted to localhost Redis (6379) and MySQL (3306)
- Out-of-band callback via `cw2mhnbd.requestrepo[.]com` to confirm blind SSRF and egress
- Fixed in LMDeploy 0.12.3 with RFC1918/loopback/link-local URL blocklist
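The kind of URL guard the 0.12.3 fix describes, as an added example that is not LMDeploy’s own code: it resolves the host and rejects any address in loopback, link-local (which covers IMDS), RFC1918 or other non-routable space. The resolver table and hostnames are constructed so the demo runs offline; `resolve_host` does a real lookup.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed resolver table (not real hosts) so the demo runs offline.
DEMO_RESOLVER = {
    "169.254.169.254": ["169.254.169.254"],          # IMDS literal
    "localhost": ["127.0.0.1", "::1"],               # Redis/MySQL on loopback
    "images.example": ["93.184.216.34"],             # ordinary public host
    "rebind.example": ["93.184.216.35", "10.0.0.5"],  # public + internal A records
}


def resolve_host(host):
    """Every address the OS resolver returns for host (real DNS lookup)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_internal(addr):
    """True for loopback, RFC1918, link-local (incl. 169.254.169.254) and other non-global space."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:a.b.c.d hides an IPv4 target
    if mapped is not None:
        ip = mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified
            or not ip.is_global)


def check_image_url(url, resolver=resolve_host):
    """Return (allowed, reason). Rejects if ANY resolved address is internal.

    The caller must connect to the vetted address and re-run this check on every
    redirect; otherwise DNS rebinding or a 302 to 169.254.169.254 bypasses it.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    try:
        addrs = resolver(host)
    except (OSError, KeyError, UnicodeError, ValueError):
        return False, f"cannot resolve {host!r}"
    if not addrs:
        return False, f"cannot resolve {host!r}"
    for addr in addrs:
        if is_internal(addr):
            return False, f"{host} resolves to internal address {addr}"
    return True, "ok"


if __name__ == "__main__":
    lookup = lambda h: DEMO_RESOLVER[h]
    for u in ("http://169.254.169.254/latest/meta-data/", "http://localhost:6379/",
              "https://images.example/cat.png", "http://rebind.example/x.png"):
        print(u, "->", check_image_url(u, lookup))
```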
Actionable Intel
| Artifact | Type | ATT&CK | Log Source | Action |
|---|---|---|---|---|
| 103.116.72.119 | Attacker IP | T1190 | Firewall/WAF | Block |
| cw2mhnbd.requestrepo.com | OOB callback domain | T1071.001 | DNS/Proxy | Block & hunt |
| 169.254.169.254 requests from app tier | IMDS probe | T1552.005 | Cloud WAF/VPC flow | Alert on non-instance metadata requests |
| POST /v1/chat/completions with image_url pointing to internal IPs | Exploit payload | T1190 | Reverse proxy | WAF rule: block image_url targeting RFC1918/link-local |
| /distserve/p2p_drop_connect | Admin endpoint probe | T1046 | App logs | Monitor for unauthenticated access |
Detection
| Source | Rule | Gap |
|---|---|---|
| Splunk ESCU | None | Need: LLM inference endpoint SSRF detection (image_url param with internal IP targets) |
| Elastic | None | Need: SSRF via ML/AI inference API rule |
| Sigma | None | Need: Web application SSRF to cloud metadata service |
Sources: Sysdig blog · GHSA-6w67-hwm5-92mq · GBHackers
2. Breeze Cache WordPress File Upload RCE — CVE-2026-3844
TL;DR: Unauthenticated arbitrary file upload via Breeze Cache plugin’s Gravatar fetching function gives attackers webshell/RCE on WordPress sites. Actively exploited with 170+ attempts logged by Wordfence; patched in 2.4.5.
What’s New:
- `fetch_gravatar_from_remote` function lacks file-type validation — attacker uploads `.php` files as “gravatars”
- Exploitable only when “Host Files Locally - Gravatars” setting is enabled (disabled by default, but commonly enabled for GDPR/performance)
- Uploaded webshells land in `wp-content/uploads/` or plugin cache directories
- 170+ exploitation attempts detected by Wordfence as of April 23
- Cloudways patched in Breeze 2.4.5; all prior versions through 2.4.4 vulnerable
Actionable Intel
| Artifact | Type | ATT&CK | Log Source | Action |
|---|---|---|---|---|
| wp-content/uploads/**/*.php | Webshell drop path | T1505.003 | File integrity / WAF | Alert on .php/.phtml/.phar in uploads dir |
| POST to Gravatar/avatar fetch endpoints with external URL params | Exploit request | T1190 | WAF/access logs | Block POST with remote URL to avatar endpoints |
| Double-extension files (*.php.jpg, *.phtml) | Upload bypass | T1036.008 | File integrity | Hunt in WordPress upload dirs |
| Outbound connections from www-data/apache/nginx user | C2/exfil | T1071.001 | Host firewall/EDR | Alert |
| New files followed by immediate HTTP 200 GET to same path | Webshell activation | T1505.003 | Access logs | Correlate upload-then-access pattern |
Detection
| Source | Rule | Gap |
|---|---|---|
| Splunk ESCU | Web Shell Indicator (generic) | Need: WordPress-specific upload dir PHP file creation rule |
| Elastic | Webshell Detection via File Creation | Need: Tune for wp-content/uploads path |
| Sigma | webshell_detection_file_creation.yml (generic) | Need: WordPress Gravatar endpoint abuse rule |
Sources: BleepingComputer · WP-Firewall advisory · Wordfence
Status Updates
- CVE-2026-39987 (Marimo): Added to CISA KEV April 23; federal deadline May 13. Pre-auth RCE via `/terminal/ws` WebSocket. Original brief.
- CVE-2026-4681 (PTC Windchill): Still no patch. German police physical outreach continues. Imminent exploitation threat persists. Original brief.
- CVE-2026-33825 (BlueHammer): CISA KEV added April 22; federal deadline May 7. RedSun and UnDefend remain unpatched; all three ITW per Huntress. Original brief.