VYPR
Critical severity · 9.1 · NVD Advisory · Published May 18, 2026 · Updated May 19, 2026

CVE-2026-7302

Description

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated path traversal in SGLang's multimodal runtime enables arbitrary file writes on affected servers.

Vulnerability

The multimodal generation runtime in SGLang (versions v0.5.5 and later, as per reference [1]) is vulnerable to an unauthenticated path traversal attack. By including ../ sequences in the upload filename when sending requests to the HTTP API of the multimodal runtime, an attacker can write arbitrary files to any location the server process has write access to. The vulnerability requires that the multimodal runtime is enabled and the HTTP API is reachable [1].

Exploitation

An unauthenticated attacker with network access to the multimodal runtime's HTTP API can craft an upload request containing a filename with ../ sequences (e.g., ../../../tmp/malicious.so). No authentication is required, and the attacker does not need any prior privileges or user interaction. The server processes the filename without proper sanitization, writing the uploaded content to the resulting path [1].

Impact

Successful exploitation allows the attacker to write arbitrary files on the host filesystem where the SGLang server process has write permissions. This can lead to remote code execution (RCE) if the attacker writes executable files (e.g., scripts, shared libraries) that are later executed by the server or other system components. The attacker gains the ability to compromise the server's integrity and confidentiality, and potentially pivot to lateral movement within the network [1].

Mitigation

As of publication date (2026-05-18), no official patch is available from the vendor. The vendor did not respond during coordinated disclosure with CERT/CC (case VU#777338). Administrators should disable the multimodal runtime if not required, or restrict network access to the HTTP API (e.g., via firewall rules, reverse proxy authentication). Users are advised to monitor the SGLang GitHub repository [2] for future patches and updates [1].
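The root cause described above is a server that joins a client-supplied upload filename onto a base directory without checking the result. The block below is an added example, not SGLang's code: it places a naive join next to a hardened resolver that rejects any filename containing a path separator, ".." component or NUL byte, and then confirms with realpath/commonpath that the destination stays inside the upload directory. The function names and the "/tmp/uploads" directory are assumptions chosen for illustration.

```python
import os


class UnsafeFilenameError(ValueError):
    """Raised when a client-supplied upload filename is rejected."""


def naive_upload_path(upload_dir: str, filename: str) -> str:
    """The vulnerable pattern: trust the filename and join it onto the base.

    With a filename such as "../../../tmp/malicious.so" the normalised result
    lands outside upload_dir, which is exactly the traversal this CVE describes.
    """
    return os.path.normpath(os.path.join(upload_dir, filename))


def is_safe_upload_name(filename: str) -> bool:
    """True only if filename is a single, plain path component.

    Rejects empty names, embedded NUL bytes, any path separator (so "../x",
    "a/../x" and "..\\x" all fail) and the special names "." and "..".
    Rejecting rather than silently stripping gives a clear log signal.
    """
    if not filename or "\x00" in filename:
        return False
    if "/" in filename or "\\" in filename:
        return False
    if filename in (".", ".."):
        return False
    return True


def resolve_upload_path(upload_dir: str, filename: str) -> str:
    """Return the absolute destination for an upload, or raise UnsafeFilenameError.

    The name check is the primary control. The realpath/commonpath check is
    defence in depth: it still holds if upload_dir contains a symlink or if the
    name check is later relaxed to allow subdirectories.
    """
    if not is_safe_upload_name(filename):
        raise UnsafeFilenameError(f"rejected upload filename {filename!r}")
    base = os.path.realpath(upload_dir)
    candidate = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeFilenameError(f"{filename!r} resolves outside {upload_dir!r}")
    return candidate


def rejects_upload(upload_dir: str, filename: str) -> bool:
    """Helper for callers and tests: True if the hardened resolver refuses the name."""
    try:
        resolve_upload_path(upload_dir, filename)
    except UnsafeFilenameError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample filenames: one benign, one shaped like the CVE's example.
    upload_dir = "/tmp/uploads"  # assumed directory, not an SGLang path
    for name in ("image.png", "../../../tmp/malicious.so"):
        print(f"naive   {name!r:32} -> {naive_upload_path(upload_dir, name)}")
        verdict = "REJECTED" if rejects_upload(upload_dir, name) else resolve_upload_path(upload_dir, name)
        print(f"hardened {name!r:32} -> {verdict}")
```

The naive variant shows why the traversal works: os.path.join happily accepts ".." segments, and normpath resolves them straight out of the upload directory. The hardened variant should sit at the HTTP handler boundary so that a rejected name is logged before any file is opened, which also gives defenders a concrete event to alert on.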

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 2

News mentions: 0 (no linked articles in our index yet)