VYPR

Sglang

by Sgl Project

pypi: sglang

Source repositories

CVEs (8)

  • CVE-2026-7304CriMay 18, 2026
    risk 0.64cvss 9.8epss 0.01

    SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation.

  • CVE-2026-7301CriMay 18, 2026
    risk 0.64cvss 9.8epss 0.00

    SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.

  • CVE-2026-7302CriMay 18, 2026
    risk 0.59cvss 9.1epss 0.00

    SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.

  • CVE-2026-5760CriApr 20, 2026
    risk 0.57cvss 9.8epss 0.01

    SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

  • CVE-2026-3989HigMar 12, 2026
    risk 0.44cvss 7.8epss 0.00

    SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.

  • CVE-2025-10164HigSep 9, 2025
    risk 0.40cvss 7.3epss 0.00

    A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The…

  • CVE-2026-10300LowJun 1, 2026
    risk 0.17cvss 3.7epss 0.00

    A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora_path leads to reachable assertion. The attack…

  • CVE-2026-10775LowJun 3, 2026
    risk 0.16cvss 3.6epss 0.00

    A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is…