Loading market data...
← Back to CVE feed

CVE-2026-46432

HIGH CVSS 7.8 View on NVD ↗

Description

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trust_remote_code=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no publicly available patches.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Jun 10, 2026 00:16 UTC Modified: Jun 10, 2026 20:19 UTC