Description
A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
References (7)
Core 7
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-368138 | sgl-project SGLang Cache data_hash denial of service
https://vuldb.com/vuln/368138
Signature, Permissions Required signature
permissions-required
VDB-368138 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/368138/cti
Third Party Advisory third-party-advisory
CVE-2026-10775 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10775
Third Party Advisory third-party-advisory
Submit #831438 | sgl-project/ sglang 0.5.11 Cache Poisoning
https://vuldb.com/submit/831438
Exploit exploit
issue-tracking
https://github.com/sgl-project/sglang/issues/25462
Patch issue-tracking
patch
https://github.com/sgl-project/sglang/pull/22033
Product product
https://github.com/sgl-project/sglang/
Scores
CVSS v3
3.6
EPSS
0.0012
EPSS Percentile
2.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-404
Status
published
Products (13)
lmsys/sglang
< 0.5.11
sgl-project/SGLang
0.5.0
sgl-project/SGLang
0.5.1
sgl-project/SGLang
0.5.10
sgl-project/SGLang
0.5.11
sgl-project/SGLang
0.5.2
sgl-project/SGLang
0.5.3
sgl-project/SGLang
0.5.4
sgl-project/SGLang
0.5.5
sgl-project/SGLang
0.5.6
... and 3 more
Published
Jun 03, 2026
Tracked Since
Jun 04, 2026