High severity 7.8 · GHSA Advisory · Published Jun 10, 2026 · Updated Jun 10, 2026
CVE-2026-46432
Description
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trust_remote_code=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no publicly available patches.
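A check for the pattern described above, as an added example (not LMDeploy's code and not part of the advisory): a Python `ast` scan that reports call sites passing the literal `trust_remote_code=True`. The sample source and the function names in it are constructed for illustration.

```python
import ast

# Constructed sample source for the scan; not taken from LMDeploy.
SAMPLE = '''
from transformers import AutoConfig, AutoTokenizer, AutoModelForCausalLM

def load_config(path):
    return AutoConfig.from_pretrained(path, trust_remote_code=True)

def load_tokenizer(path, trust_remote_code=False):
    return AutoTokenizer.from_pretrained(path, trust_remote_code=trust_remote_code)

def load_model(path):
    kwargs = dict(trust_remote_code=True)
    return AutoModelForCausalLM.from_pretrained(path, **kwargs)
'''

def _call_name(func):
    """Render a call target such as AutoConfig.from_pretrained as a dotted string."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts)) or "<expr>"

def find_hardcoded_trust(source, filename="<string>"):
    """Return (line, call) for every call passing the literal trust_remote_code=True."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            # Only a literal True counts; a caller-supplied variable is configurable.
            if (kw.arg == "trust_remote_code"
                    and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                findings.append((node.lineno, _call_name(node.func)))
    return sorted(findings)

if __name__ == "__main__":
    for line, call in find_hardcoded_trust(SAMPLE):
        print(f"line {line}: {call}(..., trust_remote_code=True) is hardcoded")
```

The scan also reports the literal when it is staged in a `dict(...)` call that is later unpacked into the loader, and it skips call sites that forward a caller-supplied value.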
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| lmdeploy (PyPI) | < 0.13.0 | 0.13.0 |