Product
lmsys sglang
6 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-7304
CVE-2026-7302
CVE-2026-7301
CVE-2026-5760
CVE-2026-3060
CVE-2026-3059
all versions
SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-proces
all versions
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to wr
all versions
SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.
< 0.5.11
SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.ch
>= 0.5.5 and <= 0.5.9
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation m
>= 0.5.5 and <= 0.5.9
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deseria