73 matches found
LMDeploy - Server-Side Request Forgery
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in the vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal or...
CVE-2026-46432
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the model initialization process when trustremotecode=True is hardcoded in multiple HuggingFace model-loading call sites. An attacker can execute arbitrary code by supplying a malicious model repository...
CVE-2026-46432
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...
CVE-2026-46517
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...
lmdeploy 代码注入漏洞
lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability, which stems from the hard-coded trustremotecode=True setting. This vulnerability could lead to remote code execution within the...
lmdeploy 代码注入漏洞
lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of lmdeploy prior to 0.12.3 have a code injection vulnerability. This vulnerability stems from the hardcoding of trustremotecode=True at multiple HuggingFace model loading points, which may allow...
CVE-2026-46517 LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...
EUVD-2026-35874
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...
CVE-2026-46517 LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...
CVE-2026-46517
LMDeploy has a hardcoded trust_remote_code=True path in multiple code locations (e.g., get_model_arch and related calls) that is invoked for every model load. This creates an implicit unsafe remote-code load path when loading HuggingFace models from a repository, with no user opt-out or CLI flag ...
CVE-2026-46517 LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...
CVE-2026-46432 LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...
EUVD-2026-35873
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...
CVE-2026-46432
CVE-2026-46432 (LMDeploy) affects lmdeploy
CVE-2026-46432 LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...
CVE-2026-46432 LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...
GHSA-9XQ9-36W5-Q796 lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
📋 Reframing 2026-05-02: implicit unsafe remote-code path, not "supply-chain" The accurate description of this vulnerability is: "getmodelarch and related helpers hardcode trustremotecode=True with no opt-out, creating an implicit unsafe remote-code load path on every model fetch." What this repor...
lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
📋 Reframing 2026-05-02: implicit unsafe remote-code path, not "supply-chain" The accurate description of this vulnerability is: "getmodelarch and related helpers hardcode trustremotecode=True with no opt-out, creating an implicit unsafe remote-code load path on every model fetch." What this repor...
GHSA-M549-QQ94-FVHG LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
Summary lmdeploy hardcodes trustremotecode=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trustremotecode=True into HuggingFace Transformers APIs such as AutoConfig.frompretrained,...