Sglang
Sign in to watchby Sgl Project
Source repositories
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5760 | Cri | 0.64 | 9.8 | 0.00 | Apr 20, 2026 | SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment(). | |
| CVE-2026-3989 | Hig | 0.51 | 7.8 | 0.00 | Mar 12, 2026 | SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script. | |
| CVE-2025-10164 | Hig | 0.40 | 7.3 | 0.00 | Sep 9, 2025 | A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. |