CVSS 7.8 HIGH Vulnerability

CVE-2026-46517: lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path wi…


CVSS Score: 7.8
Severity: HIGH
CISA KEV: No
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-46517
Vendor: pip
Affected Product: lmdeploy
Vulnerability Type: Vulnerability
CVSS Score: 7.8 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See vendor advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

> 📋 Reframing (2026-05-02): implicit unsafe remote-code path, not "supply-chain"
>
> The accurate description of this vulnerability is:
> "get_model_arch and related helpers hardcode trust_remote_code=True
> with no opt-out, creating an implicit unsafe remote-code load path
> on every model fetch."
>
> What this report does NOT claim:
> * It is NOT a network-attack RCE: the user supplies the model
>   reference; LMDeploy honors it.
> * It is NOT a "supply chain" CVE in the classical sense (where a
>   benign upstream is compromised): the user explicitly types the
>   repo name.
>
> What this report DOES claim:
> * Other inference frameworks (vLLM, TGI, Hugging Face transformers
>   itself) all expose --trust-remote-code as opt-in so that
>   users who consciously load known-safe
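To make the distinction drawn in the reframing concrete, the following is an added example (not lmdeploy's code and not text from the advisory) that places the hardcoded pattern beside an opt-in one. Hugging Face model repos that ship their own modelling code declare it in config.json under `auto_map`, and that entry is what transformers checks before importing and executing code from the repo. Rather than import transformers, the example simulates that trust decision on constructed config.json files in a temp directory so it runs offline. The two model directories and their contents are constructed here, and `get_model_arch_hardcoded`, `get_model_arch_opt_in`, `has_remote_code` and `opt_in_refuses` are hypothetical stand-ins, not lmdeploy's actual `get_model_arch`.

```python
import json
import os
import tempfile

# Constructed config.json contents (not real Hub repos): one plain model and
# one that ships custom modelling code.  Class paths and names are made up.
BENIGN_CONFIG = {
    "architectures": ["LlamaForCausalLM"],
    "model_type": "llama",
}
CUSTOM_CODE_CONFIG = {
    "architectures": ["ExampleForCausalLM"],
    "model_type": "example",
    # auto_map is how a repo tells transformers to import its own Python
    # code; with trust_remote_code=True that code runs at load time.
    "auto_map": {
        "AutoConfig": "configuration_example.ExampleConfig",
        "AutoModelForCausalLM": "modeling_example.ExampleForCausalLM",
    },
}


def make_fixture_repos() -> tuple:
    """Write the two constructed configs to a temp dir; returns (benign, custom)."""
    root = tempfile.mkdtemp(prefix="trc-example-")
    paths = []
    for name, cfg in (("benign-model", BENIGN_CONFIG),
                      ("custom-code-model", CUSTOM_CODE_CONFIG)):
        model_dir = os.path.join(root, name)
        os.makedirs(model_dir)
        with open(os.path.join(model_dir, "config.json"), "w", encoding="utf-8") as f:
            json.dump(cfg, f)
        paths.append(model_dir)
    return paths[0], paths[1]


def has_remote_code(model_dir: str) -> bool:
    """True if config.json declares custom code via auto_map.  Useful as a
    pre-flight audit over a local model cache before serving anything."""
    with open(os.path.join(model_dir, "config.json"), encoding="utf-8") as f:
        return bool(json.load(f).get("auto_map"))


def _resolve_config(model_dir: str, trust_remote_code: bool) -> dict:
    """Stand-in for AutoConfig.from_pretrained's trust decision.  Real
    transformers would import the auto_map classes; this only records whether
    that import would have happened."""
    with open(os.path.join(model_dir, "config.json"), encoding="utf-8") as f:
        cfg = json.load(f)
    remote = bool(cfg.get("auto_map"))
    if remote and not trust_remote_code:
        raise ValueError(
            f"{model_dir} ships custom code (auto_map); refusing to load "
            "without an explicit trust_remote_code=True")
    return {
        "model_type": cfg["model_type"],
        "architectures": cfg["architectures"],
        "remote_code_would_run": remote,
    }


def get_model_arch_hardcoded(model_dir: str) -> dict:
    """The pattern the advisory describes: trust is unconditional, so custom
    code in whatever repo the user names is always executed."""
    return _resolve_config(model_dir, trust_remote_code=True)


def get_model_arch_opt_in(model_dir: str, trust_remote_code: bool = False) -> dict:
    """Hardened pattern matching the opt-in other frameworks expose: default
    off, and a repo carrying custom code is rejected until the operator
    consciously opts in for that model."""
    return _resolve_config(model_dir, trust_remote_code=trust_remote_code)


def opt_in_refuses(model_dir: str) -> bool:
    """True if the opt-in loader, at its default, refuses this repo."""
    try:
        get_model_arch_opt_in(model_dir)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    benign, custom = make_fixture_repos()
    for d in (benign, custom):
        print(os.path.basename(d), "custom code:", has_remote_code(d),
              "hardcoded loader runs it:", get_model_arch_hardcoded(d)["remote_code_would_run"],
              "opt-in loader refuses:", opt_in_refuses(d))
```

The difference the reframing draws is visible in the last two columns: the hardcoded loader reports `remote_code_would_run: True` for the custom-code repo without ever asking, while the opt-in loader refuses it at the default and only proceeds when the caller passes `trust_remote_code=True` for that specific model. As an operational check, `has_remote_code` over a model cache tells you which repos would be affected by a loader that trusts unconditionally.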
