11 matches found
EUVD-2026-33833
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...
CVE-2026-10300
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...
CVE-2026-10300
SGLang 0.5.10.post1 contains a vulnerability in the Inference HTTP Endpoint, specifically in python/sglang/srt/lora/lora_manager.py where manipulation of the lora_path argument can trigger a reachable assertion. The issue is exposed over the network with high attack complexity and no authenticati...
CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...
CVE-2026-10300
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...
CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...
SGLang security vulnerabilities
SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. Version SGLang 0.5.10.post1 contains a security vulnerability. This vulnerability stems from an unknown function in the Inference HTTP Endpoint component file...
PT-2026-45663
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora path leads to reachable assertion. The attack can be launched...
Integer Overflow lead to DOS in API `v2/models/<model-name>/infer`
This report is not public...
CVE-2025-6920
CVE-2025-6920 affects ai-inference-server: the POST /invocations endpoint bypasses API key validation, permitting unauthorized access to inference features and potentially backend resources. Affected: model inference API under /v1/*; root cause: authentication enforcement failure on /invocations....
CVE-2025-6920 Ai-inference-server: authentication bypass via unprotected inference endpoint in api
A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/ endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authentication bypass. This vulnerability allows...