VYPR
Critical severity9.8NVD Advisory· Published May 18, 2026· Updated May 19, 2026

CVE-2026-7304

CVE-2026-7304

Description

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
sglangPyPI
>= 0.4.1.post7, <= 0.5.12

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

1