Lucene search
K

103 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-536 SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...

9.8CVSS5.8AI score0.00399EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-535 SGLang: Unauthenticated RCE via --enable-custom-logit-processor

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

9.8CVSS6.4AI score0.00585EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-537 SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS7.4AI score0.01158EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-10775

A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function datahash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack...

5.3CVSS4.7AI score0.0012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10300

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS4.8AI score0.00368EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 12:30 a.m.18 views

EUVD-2026-34185

A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function datahash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack...

3.6CVSS5AI score0.0012EPSS
Exploits0References8
NVD
NVD
added 2026/06/03 11:16 p.m.12 views

CVE-2026-10775

A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function datahash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack...

5.3CVSS0.0012EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/03 10:15 p.m.10 views

CVE-2026-10775 sgl-project SGLang Cache data_hash denial of service

A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function datahash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack...

3.6CVSS5AI score0.0012EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/03 10:15 p.m.10 views

CVE-2026-10775

A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function datahash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack...

3.6CVSS5AI score0.0012EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/06/03 10:15 p.m.21 views

CVE-2026-10775

CVE-2026-10775 affects sgl-project SGLang Cache Handler, specifically the data_hash function. The issue allows a denial of service via manipulation of data_hash and is restricted to local execution with high attack complexity; exploitation has been publicly disclosed. Affected versions include SG...

5.3CVSS5AI score0.0012EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/03 10:15 p.m.36 views

CVE-2026-10775 sgl-project SGLang Cache data_hash denial of service

A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function datahash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack...

3.6CVSS0.0012EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-46070

Name of the Vulnerable Software and Affected Versions SGLang versions prior to 0.5.12 Description A flaw exists in the data hash function of the Cache Handler component. This issue allows for a denial of service through manipulation, although the attack is restricted to local execution and requir...

3.6CVSS5.9AI score0.0012EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.10 views

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. Versions of SGLang prior to 0.5.11 contain security vulnerabilities, specifically related to the datahash function in the Cache Handler component, which may lead to...

5.3CVSS4.9AI score0.0012EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/02 12:31 a.m.14 views

EUVD-2026-33833

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00368EPSS
Exploits0References7
NVD
NVD
added 2026/06/01 11:16 p.m.14 views

CVE-2026-10300

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS0.00368EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 11:0 p.m.12 views

CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00368EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:0 p.m.9 views

CVE-2026-10300

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00368EPSS
Exploits0References6
CVE
CVE
added 2026/06/01 11:0 p.m.43 views

CVE-2026-10300

SGLang 0.5.10.post1 contains a vulnerability in the Inference HTTP Endpoint, specifically in python/sglang/srt/lora/lora_manager.py where manipulation of the lora_path argument can trigger a reachable assertion. The issue is exposed over the network with high attack complexity and no authenticati...

6.3CVSS5.2AI score0.00368EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/01 11:0 p.m.32 views

CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS0.00368EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. Version SGLang 0.5.10.post1 contains a security vulnerability. This vulnerability stems from an unknown function in the Inference HTTP Endpoint component file...

6.3CVSS4.9AI score0.00368EPSS
Exploits0References6
Rows per page
Query Builder