CVE-2026-33626
✓ Confirmed 0-Day
Triaged: April 25, 2026
10 articles
EPSS Score
Source: FIRST.org · 2026-05-24
8.7%
probability
This CVE has a 8.7% probability
of being exploited in the next 30 days.
0%
Top 92.6th percentile of all CVEs
100%
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.
View on VulnerabilityLookup ↗
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
TheHackerNews
May 06, 2026
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
TheHackerNews
May 05, 2026
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
TheHackerNews
May 03, 2026
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
TheHackerNews
May 09, 2026
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
TheHackerNews
May 08, 2026
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
TheHackerNews
May 07, 2026
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
TheHackerNews
Apr 24, 2026
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
TheHackerNews
May 07, 2026
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
TheHackerNews
May 05, 2026
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
TheHackerNews
May 05, 2026
Signal Intelligence
Confidence
85%
EPSS
8.7%
Mentions
10
Last Seen
May 09, 2026
CNA Information
Analyst Note
CVE-2026-33626 in LMDeploy was exploited in the wild within 13 hours of public disclosure, meeting the core zero-day criterion: active attacks documented before meaningful patch availability. The very tight exploitation timeline (13 hours) strongly indicates exploitation preceded or coincided with patch availability.
Triage Info
Decided atApr 25, 2026