CRITICAL🇵🇱 Wersja polska

CVE-2026-7304

CVSS 9.8v3.1pub. 2026-05-18upd. 2026-05-19

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation.

🤖 AI Analysis
How it works

When SGLang is run with the --enable-custom-logit-processor flag, the application deserializes Python objects using the dill.loads() function without any validation or verification of input data. The dill library allows serialization and deserialization of almost any Python objects, including executable code. An attacker can send a specially crafted malicious payload over the network that, when deserialized, causes arbitrary code execution in the context of the SGLang process.

Impact

An unauthenticated remote attacker can execute arbitrary code on the server (RCE), leading to complete system compromise, disclosure of sensitive data, data modification, or disruption of service availability.

Mitigation & patch

Apply patches available from the vendor according to references. Until updates are applied, do not run SGLang with the --enable-custom-logit-processor option, especially in environments accessible from untrusted networks. Access to SGLang endpoints should be restricted by firewall to trusted sources only.

Who is affected

Lmsys SGLang — installations run with the --enable-custom-logit-processor option; specific versions indicated in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Lmsys Sglang

    APP
    Lmsys
    0.5.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2026-7301CRITICAL9.8PL ✓ten sam produkt

RCE w SGLang przez niebezpieczną deserializację pickle na gnieździe ROUTER

CVE-2026-7302CRITICAL9.1PL ✓ten sam produkt

SGLang: path traversal umożliwiający zapis dowolnych plików bez uwierzytelnienia

CVE-2026-5760CRITICAL9.8PL ✓ten sam produkt

SGLang: RCE przez niezabezpieczony silnik Jinja2 w endpoincie reranking

CVE-2026-3059CRITICAL9.8PL ✓ten sam produkt

RCE w SGLang przez deserializację pickle bez uwierzytelnienia (ZMQ broker)

CVE-2026-3060CRITICAL9.8PL ✓ten sam produkt

SGLang: nieuwierzytelnione RCE przez deserializację pickle w module disaggregation