Lucene search
+L

106 matches found

CVE
CVE
added 2026/06/01 11:0 p.m.50 views

CVE-2026-10300

SGLang 0.5.10.post1 contains a vulnerability in the Inference HTTP Endpoint, specifically in python/sglang/srt/lora/lora_manager.py where manipulation of the lora_path argument can trigger a reachable assertion. The issue is exposed over the network with high attack complexity and no authenticati...

6.3CVSS5.2AI score0.00368EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/01 11:0 p.m.34 views

CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS0.00368EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45663

Name of the Vulnerable Software and Affected Versions SGLang version 0.5.10.post1 Description A flaw exists in the Inference HTTP Endpoint component within the file python/sglang/srt/lora/lora manager.py. Remote manipulation of the lora path argument can trigger a reachable assertion, potentially...

6.3CVSS6AI score0.00368EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. Version SGLang 0.5.10.post1 contains a security vulnerability. This vulnerability stems from an unknown function in the Inference HTTP Endpoint component file...

6.3CVSS4.9AI score0.00368EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/05/18 12:31 p.m.7 views

arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.31.0) +10 more potentially affected by CVE-2026-7304 via sglang (>=0.4.5 <=0.5.2)

sglang PYPI version =0.4.5, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2026-7304 Source advisory: SNYK:PYTHON-SGLANG-17111815...

9.8CVSS5.4AI score0.00585EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 12:31 p.m.12 views

lightrft (=0.1.0), rl-square (=0.0.1.post1) potentially affected by CVE-2026-7304 via sglang (>=0.4.5 <=0.4.6.post5)

sglang PYPI version =0.4.5, =0.4.6.post5 is affected by a known vulnerability. The following packages have a transitive dependency on sglang and may be impacted: - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-7304 Source advisory: OSV:GHSA-36M8-W8QF-G76P...

9.8CVSS5.4AI score0.00585EPSS
Exploits0
Snyk
Snyk
added 2026/05/18 12:31 p.m.12 views

Deserialization of Untrusted Data

Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the --enable-custom-logit-processor option, which allows untrusted Python objects to be...

9.8CVSS6.1AI score0.00585EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 12:31 p.m.10 views

Deserialization of Untrusted Data

Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the ROUTER socket which binds to 0.0.0.0 by default and deserializes incoming messages using...

9.8CVSS6.1AI score0.00399EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 12:31 p.m.8 views

GHSA-QWRP-WGHP-94Q2 SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References4
OSV
OSV
added 2026/05/18 12:31 p.m.9 views

GHSA-GWV6-PQ6M-P3RQ SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...

9.8CVSS5.8AI score0.00399EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 p.m.16 views

SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...

9.8CVSS5.8AI score0.00399EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 p.m.19 views

SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 p.m.13 views

SGLang: Unauthenticated RCE via --enable-custom-logit-processor

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

9.8CVSS6.4AI score0.00585EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

sglang 代码问题漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has code vulnerabilities; one of these vulnerabilities stems from the fact that the ROUTER socket, which handles multi-modal generation during runtime scheduling, is...

9.8CVSS6.5AI score0.00399EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

sglang 代码问题漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has code vulnerabilities; these vulnerabilities arise when the --enable-custom-logit-processor option is enabled, resulting in unvalidated deserialization of Python...

9.8CVSS6.2AI score0.00585EPSS
Exploits0References1
CERT
CERT
added 2026/05/18 12:0 a.m.12 views

SGLang contains two remote code execution and one path traversal vulnerability

Overview Three vulnerabilities have been discovered in the SGLang project, two enabling remote code execution RCE, and one regarding a path traversal vulnerability. In order for an attacker to exploit these vulnerabilities, the multimodal generation mode must be enabled, and an attacker must have...

9.8CVSS6.5AI score0.00585EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/05 2:20 a.m.7 views

CVE-2026-7669

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation of the argument trustremotecode with the input False as part of Boole...

6.3CVSS6AI score0.00368EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/03 12:31 a.m.5 views

arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.31.0) +10 more potentially affected by CVE-2026-7669 via sglang (>=0.4.5 <=0.5.2)

sglang PYPI version =0.4.5, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2026-7669 Source advisory: OSV:GHSA-6M5F-673F-5VH7...

6.3CVSS6AI score0.00368EPSS
Exploits0
OSV
OSV
added 2026/05/03 12:31 a.m.9 views

GHSA-6M5F-673F-5VH7 SGLang has an Improper Input Validation/Injection Issue

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A hi...

6.3CVSS5.3AI score0.00368EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/03 12:31 a.m.15 views

SGLang has an Improper Input Validation/Injection Issue

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A hi...

6.3CVSS5.6AI score0.00368EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder