PatchSiren

InternLM CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH InternLM CVE published 2026-06-10

CVE-2026-46517

CVE-2026-46517 is a high-severity vulnerability in LMDeploy, a toolkit for compressing, deploying, and serving large language models. It has a CVSS score of 7.8 and is classified as HIGH. It was published on 2026-06-10T00:16:53.827Z and modified on 2026-06-11T12:16:31.507Z. The vulnerability is caused by a hardcoded 'trust_remote_code=True', which enables HF supply-chain RCE without user opt-i [truncated]

HIGH InternLM CVE published 2026-06-10

CVE-2026-46432

LMDeploy, a toolkit for compressing, deploying, and serving large language models, is vulnerable to arbitrary code execution because 'trust_remote_code=True' is hardcoded in multiple HuggingFace model-loading call sites in versions 0.12.3 and prior. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity.