All 4 CVE vulnerabilities found in LMDeploy, with AI-generated Chinese analysis, references, and POCs.
Vendor: InternLM
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-33626 | LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading CWE-918 | 7.5 | High | 2026-04-20 |
| CVE-2025-67729 | lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load() CWE-502 | 8.8 | High | 2025-12-26 |
| CVE-2025-3163 | InternLM LMDeploy conf.py open code injection CWE-94 | 5.3 | Medium | 2025-04-03 |
| CVE-2025-3162 | InternLM LMDeploy PT File utils.py load_weight_ckpt deserialization CWE-502 | 5.3 | Medium | 2025-04-03 |
All 4 known CVE vulnerabilities affecting LMDeploy with full Chinese analysis, references, and POCs where available.