Vulnerabilities in InternLM
6 resultsCVE-2026-33626HIGHLMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image LoadingEPSS 45.3%CVE-2025-67729HIGHlmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()EPSS 0.5%CVE-2025-3163MEDIUMInternLM LMDeploy conf.py open code injectionEPSS 0.3%CVE-2025-3162MEDIUMInternLM LMDeploy PT File utils.py load_weight_ckpt deserializationEPSS 0.3%CVE-2026-46517HIGHLMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-outEPSS 0.1%CVE-2026-46432HIGHLMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initializationEPSS 0.1%