High severity7.8GHSA Advisory· Published Jun 10, 2026· Updated Jun 11, 2026
CVE-2026-46517
CVE-2026-46517
Description
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
lmdeployPyPI | <= 0.12.3 | — |
Affected products
1Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.