CVE-2026-46432— LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
Possible ATT&CK Techniques 1AI
T1059 · Command and Scripting InterpreterGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-46432
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
Source: NVD (National Vulnerability Database)
Vulnerability Description
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trust_remote_code=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no publicly available patches.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
lmdeploy 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
lmdeploy是InternLM开源的一个用于压缩、部署和服务 LLM 的工具包。 lmdeploy 0.12.3及之前版本存在代码注入漏洞,该漏洞源于在多个HuggingFace模型加载点硬编码trust_remote_code=True,可能导致任意代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-46432
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 7206 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-46432
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-46432 (1)
IV. Related Vulnerabilities
Same product: lmdeploy
- CVE-2026-46517
LMDeploy: Hardcoded trust_remote_code=True is an implicit un - CVE-2026-33626
LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) vi - CVE-2025-67729
lmdeploy vulnerable to Arbitrary Code Execution via Insecure - CVE-2025-3163
InternLM LMDeploy conf.py open code injection - CVE-2025-3162
InternLM LMDeploy PT File utils.py load_weight_ckpt deserial
Same vendor: InternLM
- CVE-2026-46517
LMDeploy: Hardcoded trust_remote_code=True is an implicit un - CVE-2026-33626
LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) vi - CVE-2025-67729
lmdeploy vulnerable to Arbitrary Code Execution via Insecure - CVE-2025-3163
InternLM LMDeploy conf.py open code injection - CVE-2025-3162
InternLM LMDeploy PT File utils.py load_weight_ckpt deserial
Same weakness: CWE-94
- CVE-2022-50972
WooCommerce 7.1.0 Remote Code Execution via class-wc-meta-bo - CVE-2026-54816
WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execut - CVE-2026-40783
WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Co - CVE-2026-25470
WordPress ACPT (Pro) - Custom Post Types plugin for WordPres - CVE-2026-49113
WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execut
V. Comments for CVE-2026-46432
No comments yet