VDB
GCVE-110-CERTCC-2026-777338
GCVE-110-CERTCC-2026-777338
Advisory Published
### Overview
Three vulnerabilities have been discovered in the SGLang project, two enabling remote code execution (RCE), and one regarding a path traversal vulnerability. In order for an attacker to exploit these vulnerabilities, the multimodal generation mode must be enabled, and an attacker must have network access to the SGLang service. No patch is available at this time, and no response was obtained from the project maintainers during coordination.
### Description
SGLang is an open-source framework for serving large language models (LLMs) and multimodal AI models, supporting models such as Qwen, DeepSeek, Mistral, and Skywork, and is compatible with OpenAI APIs. Three vulnerabilities have been discovered within the tool and are tracked as follows:
**CVE-2026-7301**
The multimodal generation runtime scheduler's ROUTER socket contains a sink that calls `pickle.loads()` on incoming messages, enabling RCE when exposed to the internet.
This vulnerability is distinct from CVE-2026-3060 and CVE-2026-3059, which would be open to the Internet via the ZMQ broker, which automatically binded to all network interfaces without user awareness. CVE-2026-7301 is exposed to the internet by default through the scheduler host, which binds to 0.0.0.0 by default.
**CVE-2026-7302**
The multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including `../` sequences in the upload filename when sent to specific endpoints.
**CVE-2026-7304**
The multimodal generation runtime is vulnerable to unauthenticated remote code execution when the `--enable-custom-logit-processor` option is enabled, as Python objects loaded via `dill.loads()` will be deserialized without validation.
### Impact
If exploited, these vulnerabilities could allow an unauthenticated attacker to achieve remote code execution or arbitrary file writes on the host running SGLang. Deployments that expose the affected interface to untrusted networks are at the highest risk of exploitation.
### Solution
Until a patch is available, affected users should consider the following mitigations:
#### Mitigation
- Restrict access to the service interfaces and ensure they are not exposed to untrusted networks.
- Implement network segmentation and access controls to prevent unauthorized interaction with the vulnerable endpoints.
### Acknowledgements
Thanks to the reporter, Alon Shakevsky. This document was written by Christopher Cullen.
Browse GCVE Records
73,734 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.