| CVE-2026-7304 | critical | 9.8 | 9.8 | | | | 12d ago | SGLang: Unauthenticated RCE via --enable-custom-logit-processor |
| CVE-2026-7301 | critical | 9.8 | 9.8 | | | | 12d ago | SGLang: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket |
| CVE-2026-7302 | critical | 9.1 | 9.1 | | | | 12d ago | SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability |
| CVE-2025-10164 | high | 7.3 | 7.3 | | | | 9mo ago | SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor |
| CVE-2026-7669 | medium | 5.6 | 5.6 | | | | 27d ago | SGLang has an Improper Input Validation/Injection Issue |
| CVE-2026-3989 | unknown | — | — | | | | 3mo ago | SGLang's `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization |
| CVE-2026-3060 | unknown | — | — | | | | 3mo ago | SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module |
| CVE-2026-3059 | unknown | — | — | | | | 3mo ago | SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker |