Package impact
PyPI / sglang
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7304 | critical | 9.8 | 9.8 | 12d ago | SGLang: Unauthenticated RCE via --enable-custom-logit-processor | |||
| CVE-2026-7301 | critical | 9.8 | 9.8 | 12d ago | SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket | |||
| CVE-2026-7302 | critical | 9.1 | 9.1 | 12d ago | SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability | |||
| CVE-2025-10164 | high | 7.3 | 7.3 | 9mo ago | SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor | |||
| CVE-2026-7669 | medium | 5.6 | 5.6 | 28d ago | SGLang has an Improper Input Validation/Injection Issue |