Learning Generalizable Multimodal Representations for Software Vulnerability Detection

Software Engineering 2026-05-01 v2 Artificial Intelligence

Abstract

Source code and its accompanying comments are complementary yet naturally aligned modalities: code encodes structural logic, while comments capture developer intent. However, existing vulnerability detection methods mostly rely on single-modality code representations, overlooking the complementary semantic information embedded in comments and thus limiting their generalization across complex code structures and logical relationships. To address this, we propose MultiVul, a multimodal contrastive framework that aligns code and comment representations through dual similarity learning and consistency regularization, augmented with diverse code-text pairs to improve robustness. Experiments on the widely adopted DiverseVul and Devign datasets across four large language models (LLMs) (i.e., DeepSeek-Coder-6.7B, Qwen2.5-Coder-7B, StarCoder2-7B, and CodeLlama-7B) show that MultiVul achieves up to 27.07% F1 improvement over prompting-based methods and 13.37% over code-only fine-tuning, while maintaining comparable inference efficiency.

Cite

@article{arxiv.2604.25711,
  title  = {Learning Generalizable Multimodal Representations for Software Vulnerability Detection},
  author = {Zeming Dong and Yuejun Guo and Qiang Hu and Yao Zhang and Maxime Cordy and Hao Liu and Mike Papadakis and Yongqiang Lyu},
  journal= {arXiv preprint arXiv:2604.25711},
  year   = {2026}
}