CVE-2026-46517

Source
https://cve.org/CVERecord?id=CVE-2026-46517
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46517.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46517
Aliases
Published
2026-06-09T23:05:43.966Z
Modified
2026-07-08T08:05:17.625199092Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
Details

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46517.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-1188",
        "CWE-915",
        "CWE-94"
    ]
}
References

Affected packages

Git / github.com/internlm/lmdeploy

Affected ranges

Type
GIT
Repo
https://github.com/internlm/lmdeploy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.12.3"
        }
    ]
}

Affected versions

0.*
0.6.5
v0.*
v0.0.10
v0.0.11
v0.0.12
v0.0.13
v0.0.14
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.0a0
v0.1.0a1
v0.1.0a2
v0.10.0
v0.10.1
v0.10.2
v0.11.0
v0.11.1
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.5.2
v0.5.2.post1
v0.5.3
v0.6.0
v0.6.0a0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.7.0
v0.7.0.post1
v0.7.0.post2
v0.7.0.post3
v0.7.1
v0.7.2
v0.7.2.post1
v0.8.0
v0.9.0
v0.9.1
v0.9.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46517.json"