Browse all 4 CVE security advisories affecting InternLM. AI-powered Chinese analysis, POCs, and references for each vulnerability.
InternLM is a large language model developed for enterprise AI applications and research purposes. Historically, vulnerabilities associated with InternLM include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, often stemming from input validation flaws and insecure API implementations. The model has accumulated four CVEs to date, with security researchers identifying risks in its web interface and model deployment configurations. While no major public security incidents have been reported, the presence of multiple CVEs suggests ongoing challenges in securing large language model deployments, particularly around user input handling and access control mechanisms.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33626 | LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading | lmdeploy | CWE-918 | 7.5 | High | 2026-04-20 |
| CVE-2025-67729 | lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load() | lmdeploy | CWE-502 | 8.8 | High | 2025-12-26 |
| CVE-2025-3163 | InternLM LMDeploy conf.py open code injection | LMDeploy | CWE-94 | 5.3 | Medium | 2025-04-03 |
| CVE-2025-3162 | InternLM LMDeploy PT File utils.py load_weight_ckpt deserialization | LMDeploy | CWE-502 | 5.3 | Medium | 2025-04-03 |

This page lists every published CVE security advisory associated with InternLM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.