VYPR
Vendor

Lmsys

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2026-5760CriApr 20, 2026
    risk 0.57cvss 9.8epss 0.01

    SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

  • CVE-2026-3060CriMar 12, 2026
    risk 0.57cvss 9.8epss 0.01

    SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.

  • CVE-2026-3059CriMar 12, 2026
    risk 0.57cvss 9.8epss 0.02

    SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.

  • CVE-2026-10775LowJun 3, 2026
    risk 0.16cvss 3.6epss 0.00

    A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is…