CVE-2026-46432
Received - Intake
Arbitrary Code Execution in LMDeploy via Hardcoded Trust Remote Code

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trust_remote_code=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no publicly available patches.
Affected Vendors & Products
Showing 1 associated CPE
Vendor      Product     Version / Range
internlm    lmdeploy    to 0.12.3 (exc)
CWE ID    Description
CWE-94    The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Executive Summary

CVE-2026-46432 is a vulnerability in the lmdeploy package (versions 0.12.3 and prior) that allows arbitrary code execution. This happens because lmdeploy hardcodes the parameter `trust_remote_code=True` in multiple HuggingFace model-loading calls. As a result, when loading models, lmdeploy automatically trusts and executes code from remote model repositories without explicit user consent.

Attackers who control the model path can exploit this by pointing to a malicious HuggingFace repository, causing the lmdeploy process to execute arbitrary Python code during model loading.

Impact Analysis

This vulnerability can have severe impacts because it allows attackers to execute arbitrary code with the privileges of the lmdeploy process.

  • Attackers could read sensitive data accessible to the process.
  • They could access credentials stored or accessible by the process.
  • They could modify the behavior of the application.
  • They could execute arbitrary operating system commands.
  • They could cause denial of service by disrupting the application.

Compliance Impact

The vulnerability allows arbitrary code execution with the privileges of the lmdeploy process, which could enable attackers to read sensitive data and access credentials.

Such unauthorized access and potential data exposure could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive personal and health information.

However, there is no explicit mention in the provided information about direct impacts on compliance with these standards.

Detection Guidance

This vulnerability arises from the presence of hardcoded `trust_remote_code=True` in lmdeploy versions 0.12.3 and prior, specifically in calls to HuggingFace Transformers APIs during model loading.

To detect if your system is vulnerable, you should check the version of lmdeploy installed and inspect the code or configuration for usage of `trust_remote_code=True` in model-loading functions such as `AutoConfig.from_pretrained()`, `PretrainedConfig.get_config_dict()`, or `GenerationConfig.from_pretrained()`.

Suggested commands to detect the vulnerability include:

  • Check lmdeploy version: `pip show lmdeploy` or `pip list | grep lmdeploy`
  • Search for `trust_remote_code=True` in your lmdeploy installation or project files: `grep -r "trust_remote_code=True" /path/to/lmdeploy`
  • Monitor network activity for suspicious connections to external HuggingFace model repositories, which could indicate exploitation attempts.
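
The `grep` above also matches comments and misses spacing variants such as `trust_remote_code = True`. The following added example (not LMDeploy or HuggingFace code) parses Python files and reports call sites that pass the keyword as a literal `True` or forward a non-literal value; the function names and `SAMPLE` are constructed for illustration.

```python
import ast
import sys
from pathlib import Path

def find_trust_remote_code(source, filename="<string>"):
    """Return sorted (line, callee, kind) for calls passing trust_remote_code."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg != "trust_remote_code":
                continue
            if isinstance(kw.value, ast.Constant):
                if kw.value.value is not True:
                    continue  # literal False/None does not enable remote code
                kind = "hardcoded-true"
            else:
                kind = "dynamic"  # value comes from a variable or expression
            findings.append((node.lineno, ast.unparse(node.func), kind))
    return sorted(findings)

def scan_tree(root):
    """Scan every .py file under root; files that cannot be parsed are skipped."""
    results = {}
    for path in sorted(Path(root).rglob("*.py")):
        try:
            hits = find_trust_remote_code(path.read_text(encoding="utf-8"), str(path))
        except (SyntaxError, UnicodeDecodeError, ValueError):
            continue
        if hits:
            results[str(path)] = hits
    return results

# Constructed sample input, not LMDeploy source.
SAMPLE = '''
from transformers import AutoConfig, GenerationConfig
# trust_remote_code=True in a comment: grep matches it, the AST does not
def load(path, trust=False):
    cfg = AutoConfig.from_pretrained(path, trust_remote_code=True)
    gen = GenerationConfig.from_pretrained(path, trust_remote_code = True)
    safe = AutoConfig.from_pretrained(path, trust_remote_code=False)
    user = AutoConfig.from_pretrained(path, trust_remote_code=trust)
'''

if __name__ == "__main__":
    found = scan_tree(sys.argv[1]) if sys.argv[1:] else {"SAMPLE": find_trust_remote_code(SAMPLE)}
    for path, hits in found.items():
        for line, callee, kind in hits:
            print(f"{path}:{line}: {callee} [{kind}]")
```

Keywords forwarded through `**kwargs` dictionaries are not resolved, so an empty result is a starting point for review rather than proof that no call site enables remote code.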

Mitigation Strategies

Since no patches are currently available for this vulnerability, immediate mitigation steps focus on reducing exposure and risk.

  • Avoid using lmdeploy versions 0.12.3 and earlier until a patched version is released.
  • Do not load models from untrusted or external sources, as the vulnerability allows arbitrary code execution via malicious model repositories.
  • Restrict network access and permissions of the lmdeploy process to limit potential damage from exploitation.
  • Monitor logs and system behavior for unusual activity that could indicate exploitation attempts.