VYPR

PyPI package

sglang

pkg:pypi/sglang

Vulnerabilities (5)

  • CVE-2026-7669MedMay 2, 2026
    affected <= 0.5.9

    A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file python/sglang/srt/utils/hf_transformers_utils.py of the component HuggingFace Transformer Handler. The manipulation of the argument trust_remote_code with the input

  • CVE-2026-3989HigMar 12, 2026
    affected < 0.5.10fixed 0.5.10

    SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.

  • CVE-2026-3060CriMar 12, 2026
    affected < 0.5.10fixed 0.5.10

    SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.

  • CVE-2026-3059CriMar 12, 2026
    affected < 0.5.10fixed 0.5.10

    SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.

  • CVE-2025-10164HigSep 9, 2025
    affected < 0.5.4fixed 0.5.4

    A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The e