CVSS 7.8 (HIGH) Vulnerability

CVE-2026-46432: LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model…


CVSS Score: 7.8
Severity: HIGH
CISA KEV: No
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-46432
Vendor: pip
Affected Product: lmdeploy
Vulnerability Type: Vulnerability
CVSS Score: 7.8 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Summary

lmdeploy hardcodes trust_remote_code=True in multiple HuggingFace model-loading call sites. The affected code paths are in:

lmdeploy/archs.py
lmdeploy/utils.py

The vulnerable call sites pass trust_remote_code=True into HuggingFace Transformers APIs such as AutoConfig.from_pretrained(), PretrainedConfig.get_config_dict(), and GenerationConfig.from_pretrained(). Because the model path is supplied by the operator or deployment configuration, an attacker who can control the model_path used by an lmdeploy serving process can point it to an attacker-controlled HuggingFace model repository. When lmdeploy starts and initializes the model, Transformers may download and execute remote Python code from that repository. Successful exploitation results in arbitrary c
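The following is an added example, not code from lmdeploy or from the advisory. It contrasts the pattern the advisory describes (a loader call with trust_remote_code hardcoded to True) with a hardened wrapper in which trust_remote_code is derived from an operator policy: off by default, enabled only for an explicit allowlist of model sources, and refused (fail closed) for anything else. It also includes a small source-audit helper that flags hardcoded trust_remote_code=True literals, which is the check a defender would run across a deployment. The loader is injected as a callable so the example runs offline; in a real service the caller would pass AutoConfig.from_pretrained (a real Transformers API that accepts a trust_remote_code keyword). RemoteCodePolicy, resolve_trust_remote_code, load_model_config, recording_loader, the repo ids and the audited snippet are all constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Any, Callable, List


class RemoteCodePolicyError(Exception):
    """Raised when a load would enable remote code outside the operator's policy."""


@dataclass(frozen=True)
class RemoteCodePolicy:
    # Operator opt-in. The hardened default is False, never a hardcoded True.
    allow_remote_code: bool = False
    # Model sources (Hub repo ids or local directories) the operator has vetted
    # and for which remote code may be trusted.
    trusted_sources: frozenset = frozenset()


def vulnerable_load(model_path: str, loader: Callable[..., Any]) -> Any:
    """The pattern the advisory describes: trust_remote_code is hardcoded True,
    so whatever model_path the serving process is pointed at may have its
    repository code executed during initialization."""
    return loader(model_path, trust_remote_code=True)


def resolve_trust_remote_code(model_path: str, policy: RemoteCodePolicy) -> bool:
    """Decide trust_remote_code for one load from policy, not from a literal.

    False when the operator has not opted in; True only for a vetted source;
    an exception (fail closed) when remote code is enabled globally but the
    requested source is not on the trusted list."""
    if not policy.allow_remote_code:
        return False
    if model_path in policy.trusted_sources:
        return True
    raise RemoteCodePolicyError(
        f"remote code requested for untrusted model source {model_path!r}"
    )


def load_model_config(model_path: str, policy: RemoteCodePolicy,
                      loader: Callable[..., Any]) -> Any:
    """Hardened wrapper: the loader (e.g. AutoConfig.from_pretrained) always
    receives a policy-derived trust_remote_code value."""
    trust = resolve_trust_remote_code(model_path, policy)
    return loader(model_path, trust_remote_code=trust)


def evaluate(model_path: str, policy: RemoteCodePolicy) -> str:
    """Summarise the policy outcome for a source as one of
    'disabled', 'trusted' or 'refused'."""
    try:
        return "trusted" if resolve_trust_remote_code(model_path, policy) else "disabled"
    except RemoteCodePolicyError:
        return "refused"


def recording_loader(model_path: str, **kwargs: Any) -> dict:
    """Constructed stand-in for AutoConfig.from_pretrained: records the call
    instead of contacting the Hub, so the example runs offline."""
    return {"model_path": model_path, **kwargs}


# Matches a hardcoded literal such as `trust_remote_code=True` (spaces allowed
# around '='); a value taken from a variable or policy does not match.
_HARDCODED_TRUST = re.compile(r"trust_remote_code\s*=\s*True\b")


def find_hardcoded_trust_remote_code(source: str) -> List[int]:
    """Return the 1-based line numbers of a source text that hardcode
    trust_remote_code=True. Useful for auditing a deployment's loader paths."""
    return [n for n, line in enumerate(source.splitlines(), start=1)
            if _HARDCODED_TRUST.search(line)]


if __name__ == "__main__":
    policy = RemoteCodePolicy(allow_remote_code=True,
                              trusted_sources=frozenset({"example-org/approved-model"}))
    print(vulnerable_load("example-org/unvetted-model", recording_loader))
    print(load_model_config("example-org/approved-model", policy, recording_loader))
    print(evaluate("example-org/unvetted-model", policy))
    # Constructed snippet in the shape of the affected call sites.
    snippet = ("cfg = AutoConfig.from_pretrained(model_path, trust_remote_code=True)\n"
               "gen = GenerationConfig.from_pretrained(model_path,\n"
               "                                       trust_remote_code=trust)\n")
    print(find_hardcoded_trust_remote_code(snippet))
```

The policy object is what a serving process should read from its deployment configuration; the allowlist keeps the blast radius of an attacker-controlled model_path to "load fails" rather than "repository code runs", and the audit helper gives a quick way to confirm no call site still carries the literal.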
