3 matches found
GHSA-QWRP-WGHP-94Q2 SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability
SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...
EUVD-2026-11557
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...
CVE-2026-3059
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...