Lmsys Sglang vulnerabilities
8 known vulnerabilities affecting lmsys/sglang.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2026-3059 | CRITICAL | CVSS 9.8 | CWE-502 | Priority P2 | Affected versions: ≥ 0.5.5, ≤ 0.5.9 | Date: 2026-03-12
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
Source: NVD
CVE-2026-3060 | CRITICAL | CVSS 9.8 | CWE-502 | Priority P2 | Affected versions: ≥ 0.5.5, ≤ 0.5.9 | Date: 2026-03-12
SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
Source: NVD
CVE-2026-7304 | CRITICAL | CVSS 9.8 | CWE-502 | Priority P2 | Affected versions: v0.5.10 | Date: 2026-05-18
SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() are deserialized without validation.
Source: NVD
CVE-2026-7302 | CRITICAL | CVSS 9.1 | CWE-35 | Priority P2 | Affected versions: v0.5.10 | Date: 2026-05-18
SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability that allows an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename sent to specific endpoints.
Source: NVD
CVE-2026-5760 | CRITICAL | CVSS 9.8 | CWE-94 | Priority P2 | Affected versions: fixed in 0.5.11 | Date: 2026-04-20
SGLang's reranking endpoint (/v1/rerank) allows Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().
Source: NVD
CVE-2026-7301 | CRITICAL | CVSS 9.8 | CWE-502 | Priority P3 | Affected versions: v0.5.10 | Date: 2026-05-18
SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.
Source: NVD
CVE-2025-10164 | HIGH | CVSS 7.3 | CWE-20 | Priority P3 | Affected versions: v0.4.6 | Date: 2025-09-09
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor wa
Source: NVD
CVE-2026-10775 | MEDIUM | CVSS 5.3 | CWE-404 | Priority P4 | Affected versions: ≤ 0.5.11 | Date: 2026-06-03
A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploi
Source: NVD