CVE-2026-7301
Published 2026-05-18
CVE-2026-7301: SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages…
Priority P349 · critical · 9.8 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.40% (31.8th percentile)
SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lmsys | sglang | — | — |
| sglang | sglang | — | — |
| sglang | sglang | 0.5.5 – 0.5.12 | — |
GHSA
SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket
ghsa·2026-05-18
CVE-2026-7301 [CRITICAL] CWE-502 SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket
SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.
VulDB
SGLang 5.10 Incoming Message pickle.loads deserialization (EUVD-2026-30765)
vuldb·2026-05-18·CVSS 9.8
A vulnerability was found in SGLang 5.10. It has been rated as critical. The affected element is the function pickle.loads of the component Incoming Message Handler. The manipulation leads to deserialization.
This vulnerability is traded as CVE-2026-7301. It is possible to initiate the attack remotely. There is no exploit available.
GHSA
GHSA-gwv6-pq6m-p3rq: SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0
ghsa_unreviewed·2026-05-18
No detection rules found.
No public exploits indexed.
Published: 2026-05-18