Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by lmsys
CVE-2026-10775 (GCVE-0-2026-10775)
Vulnerability from cvelistv5 – Published: 2026-06-03 22:15 – Updated: 2026-06-04 13:38
VLAI
Title
sgl-project SGLang Cache data_hash denial of service
Summary
A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-404 - Denial of Service
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368138 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368138/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10775 | third-party-advisory |
| https://vuldb.com/submit/831438 | third-party-advisory |
| https://github.com/sgl-project/sglang/issues/25462 | exploitissue-tracking |
| https://github.com/sgl-project/sglang/pull/22033 | issue-trackingpatch |
| https://github.com/sgl-project/sglang/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| sgl-project | SGLang |
Affected:
0.5.0
Affected: 0.5.1 Affected: 0.5.2 Affected: 0.5.3 Affected: 0.5.4 Affected: 0.5.5 Affected: 0.5.6 Affected: 0.5.7 Affected: 0.5.8 Affected: 0.5.9 Affected: 0.5.10 Affected: 0.5.11 cpe:2.3:a:sgl-project:sglang:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10775",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T13:35:58.281057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T13:38:02.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/831438"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/sgl-project/sglang/pull/22033"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:sgl-project:sglang:*:*:*:*:*:*:*:*"
],
"modules": [
"Cache Handler"
],
"product": "SGLang",
"vendor": "sgl-project",
"versions": [
{
"status": "affected",
"version": "0.5.0"
},
{
"status": "affected",
"version": "0.5.1"
},
{
"status": "affected",
"version": "0.5.2"
},
{
"status": "affected",
"version": "0.5.3"
},
{
"status": "affected",
"version": "0.5.4"
},
{
"status": "affected",
"version": "0.5.5"
},
{
"status": "affected",
"version": "0.5.6"
},
{
"status": "affected",
"version": "0.5.7"
},
{
"status": "affected",
"version": "0.5.8"
},
{
"status": "affected",
"version": "0.5.9"
},
{
"status": "affected",
"version": "0.5.10"
},
{
"status": "affected",
"version": "0.5.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem0 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.4,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T22:15:10.154Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368138 | sgl-project SGLang Cache data_hash denial of service",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368138"
},
{
"name": "VDB-368138 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368138/cti"
},
{
"name": "CVE-2026-10775 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10775"
},
{
"name": "Submit #831438 | sgl-project/ sglang 0.5.11 Cache Poisoning",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831438"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/sgl-project/sglang/issues/25462"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/sgl-project/sglang/pull/22033"
},
{
"tags": [
"product"
],
"url": "https://github.com/sgl-project/sglang/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-03T17:51:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "sgl-project SGLang Cache data_hash denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10775",
"datePublished": "2026-06-03T22:15:10.154Z",
"dateReserved": "2026-06-03T15:46:16.282Z",
"dateUpdated": "2026-06-04T13:38:02.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7304 (GCVE-0-2026-7304)
Vulnerability from cvelistv5 – Published: 2026-05-18 10:39 – Updated: 2026-05-18 14:04
VLAI
Title
CVE-2026-7304
Summary
SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-7304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T14:03:47.406419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:04:23.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SGLang",
"vendor": "SGLang",
"versions": [
{
"status": "affected",
"version": "5.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T10:39:52.696Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/sgl-project/sglang/tree/main/python/sglang"
},
{
"url": "https://antiproof.ai/blog/three-rces-in-sglang/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-7304",
"x_generator": {
"engine": "VINCE 3.0.40",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-7304"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-7304",
"datePublished": "2026-05-18T10:39:52.696Z",
"dateReserved": "2026-04-28T11:45:05.762Z",
"dateUpdated": "2026-05-18T14:04:23.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7302 (GCVE-0-2026-7302)
Vulnerability from cvelistv5 – Published: 2026-05-18 10:39 – Updated: 2026-05-18 14:05
VLAI
Title
CVE-2026-7302
Summary
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-35 - Path Traversal: '.../...//'
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-7302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T14:05:10.011911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:05:33.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SGLang",
"vendor": "SGLang",
"versions": [
{
"status": "affected",
"version": "5.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-35: Path Traversal: \u0027.../...//\u0027",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T10:39:27.474Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/sgl-project/sglang/tree/main/python/sglang"
},
{
"url": "https://antiproof.ai/blog/three-rces-in-sglang/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-7302",
"x_generator": {
"engine": "VINCE 3.0.40",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-7302"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-7302",
"datePublished": "2026-05-18T10:39:27.474Z",
"dateReserved": "2026-04-28T11:44:06.203Z",
"dateUpdated": "2026-05-18T14:05:33.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7301 (GCVE-0-2026-7301)
Vulnerability from cvelistv5 – Published: 2026-05-18 10:38 – Updated: 2026-05-18 14:06
VLAI
Title
CVE-2026-7301
Summary
SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-7301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T14:06:17.378524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T14:06:20.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SGLang",
"vendor": "SGLang",
"versions": [
{
"status": "affected",
"version": "5.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SGLangs multimodal generation runtime scheduler\u0027s ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T10:38:56.493Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/sgl-project/sglang/tree/main/python/sglang"
},
{
"url": "https://antiproof.ai/blog/three-rces-in-sglang/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-7301",
"x_generator": {
"engine": "VINCE 3.0.40",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-7301"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-7301",
"datePublished": "2026-05-18T10:38:56.493Z",
"dateReserved": "2026-04-28T11:43:42.008Z",
"dateUpdated": "2026-05-18T14:06:20.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5760 (GCVE-0-2026-5760)
Vulnerability from cvelistv5 – Published: 2026-04-20 13:46 – Updated: 2026-04-29 13:23
VLAI
Title
CVE-2026-5760
Summary
SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5760",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T14:20:49.607107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T14:22:12.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-20T15:29:54.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/915947"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SGLang",
"vendor": "SGLang",
"versions": [
{
"status": "affected",
"version": "8f3097e"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SGLang\u0027s reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment()."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T13:23:42.103Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/Stuub/SGLang-0.5.9-RCE"
},
{
"url": "https://github.com/sgl-project/sglang/pull/23660"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-5760",
"x_generator": {
"engine": "VINCE 3.0.36",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5760"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5760",
"datePublished": "2026-04-20T13:46:23.603Z",
"dateReserved": "2026-04-07T18:02:12.417Z",
"dateUpdated": "2026-04-29T13:23:42.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3060 (GCVE-0-2026-3060)
Vulnerability from cvelistv5 – Published: 2026-03-12 11:37 – Updated: 2026-04-07 18:45
VLAI
Title
CVE-2026-3060
Summary
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3060",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T14:20:47.695650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T14:21:19.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SGLang",
"vendor": "SGLang",
"versions": [
{
"status": "affected",
"version": "0.5.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SGLang\u0027 encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T18:45:35.370Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/sgl-project/sglang/blob/main/python/sglang/srt/disaggregation/encode_receiver.py"
},
{
"url": "https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/"
},
{
"url": "https://github.com/sgl-project/sglang/releases/tag/v0.5.10"
},
{
"url": "https://github.com/sgl-project/sglang/pull/20904"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-3060",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-3060"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-3060",
"datePublished": "2026-03-12T11:37:37.009Z",
"dateReserved": "2026-02-23T18:17:34.976Z",
"dateUpdated": "2026-04-07T18:45:35.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3059 (GCVE-0-2026-3059)
Vulnerability from cvelistv5 – Published: 2026-03-12 11:37 – Updated: 2026-04-07 18:46
VLAI
Title
CVE-2026-3059
Summary
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3059",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T14:26:09.705237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T14:26:54.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SGLang",
"vendor": "SGLang",
"versions": [
{
"status": "affected",
"version": "0.5.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SGLang\u0027s multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T18:46:03.195Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr"
},
{
"url": "https://github.com/sgl-project/sglang/blob/main/python/sglang/multimodal_gen/runtime/scheduler_client.py"
},
{
"url": "https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/"
},
{
"url": "https://github.com/sgl-project/sglang/pull/20904"
},
{
"url": "https://github.com/sgl-project/sglang/releases/tag/v0.5.10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-3059",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-3059"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-3059",
"datePublished": "2026-03-12T11:37:25.713Z",
"dateReserved": "2026-02-23T18:17:22.540Z",
"dateUpdated": "2026-04-07T18:46:03.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10164 (GCVE-0-2025-10164)
Vulnerability from cvelistv5 – Published: 2025-09-09 18:32 – Updated: 2025-09-10 19:43
VLAI
Title
lmsys sglang update_weights_from_tensor main deserialization
Summary
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.323203 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.323203 | signaturepermissions-required |
| https://vuldb.com/?submit.635919 | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10164",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T19:43:07.437880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T19:43:10.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.635919"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sglang",
"vendor": "lmsys",
"versions": [
{
"status": "affected",
"version": "0.4.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hl4x7eq28 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In lmsys sglang 0.4.6 ist eine Schwachstelle entdeckt worden. Dabei geht es um die Funktion main der Datei /update_weights_from_tensor. Die Bearbeitung des Arguments serialized_named_tensors verursacht deserialization. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T18:32:06.015Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323203 | lmsys sglang update_weights_from_tensor main deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323203"
},
{
"name": "VDB-323203 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323203"
},
{
"name": "Submit #635919 | lmsys sglang \u003e=0.4.6 Deserialization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.635919"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-09T15:28:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "lmsys sglang update_weights_from_tensor main deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10164",
"datePublished": "2025-09-09T18:32:06.015Z",
"dateReserved": "2025-09-09T13:23:20.560Z",
"dateUpdated": "2025-09-10T19:43:10.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}