{"data":{"id":"a7081b64-d3cb-4899-97a9-080e23848ecc","title":"GHSA-m549-qq94-fvhg: LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization","summary":"LMDeploy, a model serving tool, hardcodes `trust_remote_code=True` (a setting that allows executing custom Python code from downloaded models) when loading models from HuggingFace. An attacker who can control which model path the system loads could point it to a malicious model repository, causing arbitrary code execution (running any commands they want) with the privileges of the LMDeploy server process. This affects LMDeploy version 0.12.3 and earlier.","solution":"N/A -- no mitigation discussed in source. This record's affectedPackages field lists lmdeploy 0.13.0 as the fixed version and patchAvailable is true, so upgrading to 0.13.0 or later is the indicated remediation.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-m549-qq94-fvhg","publishedAt":"2026-05-21T17:30:57.000Z","cveId":"CVE-2026-46432","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["lmdeploy@< 0.13.0 (fixed: 0.13.0)"],"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["LMDeploy","HuggingFace Transformers"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-21T17:30:57.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}