CVE-2026-7302

CRITICAL

SGLang - Unauthenticated Path Traversal and Arbitrary File Write via Upload Filename

Title source: llm

Description

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal, which allows an attacker to write arbitrary files anywhere the server process has write access by including ../ sequences in the upload filename sent to specific endpoints.
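The weakness described above is a client-controlled upload filename joined to a server-side directory without validation. The following Python is an added example, not SGLang's code and not taken from this record: it shows the weak join beside a hardened version that rejects any filename carrying directory components, plus a containment check for defence in depth. The upload directory, function names and sample filenames are constructed for illustration; the advisory does not state SGLang's actual upload location or endpoint names.

```python
import posixpath

# Constructed example directory. SGLang's real upload location is not given
# in the advisory and is not assumed here.
UPLOAD_DIR = "/srv/uploads"


def naive_target(upload_dir: str, filename: str) -> str:
    """Weak pattern: join the client-supplied filename to the upload directory
    as-is. A name containing '../' segments normalises to a location outside
    upload_dir, which is the arbitrary-file-write primitive the advisory
    describes."""
    return posixpath.normpath(posixpath.join(upload_dir, filename))


def inside(upload_dir: str, target: str) -> bool:
    """True only when target is strictly inside upload_dir (the directory
    itself does not count as a valid file target)."""
    root = posixpath.normpath(upload_dir)
    target = posixpath.normpath(target)
    return target != root and posixpath.commonpath([root, target]) == root


def is_traversal_attempt(filename: str) -> bool:
    """Detection check for an upload filename: the only acceptable value is a
    single plain path component. Absolute paths, any '/' or '\\' separator,
    '..', '.', the empty string and NUL bytes are all rejected. Logging a hit
    here is a cheap detection signal for the traversal pattern in the CVE."""
    if not filename or "\x00" in filename:
        return True
    norm = filename.replace("\\", "/")   # treat Windows separators the same way
    if norm.startswith("/") or "/" in norm:
        return True
    return norm in (".", "..")


def safe_target(upload_dir: str, filename: str) -> str:
    """Hardened form: reject suspicious names outright, then verify that the
    resulting path is still contained in upload_dir before any write."""
    if is_traversal_attempt(filename):
        raise ValueError(f"rejected upload filename: {filename!r}")
    target = posixpath.normpath(posixpath.join(upload_dir, filename))
    if not inside(upload_dir, target):   # defence in depth; should never trigger
        raise ValueError(f"upload target escapes upload dir: {target!r}")
    return target


def accepts(upload_dir: str, filename: str) -> bool:
    """Convenience wrapper: does the hardened path builder accept this name?"""
    try:
        safe_target(upload_dir, filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample filenames, one benign and two traversal attempts.
    for name in ("photo.png", "../../../tmp/example.txt", "..\\..\\example.txt"):
        naive = naive_target(UPLOAD_DIR, name)
        print(f"{name!r:32} naive -> {naive:28} inside={inside(UPLOAD_DIR, naive)} "
              f"hardened accepts={accepts(UPLOAD_DIR, name)}")
```

The rejection policy is deliberately strict (one plain component, nothing else) rather than trying to strip or rewrite dangerous parts of a name; a filename that needs rewriting is a better signal to log and refuse than to repair. Real code would additionally store uploads under a server-generated name and keep the original only as metadata.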

Scores

CVSS v3 9.1
EPSS 0.0039
EPSS Percentile 30.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-35
Status published
Products (3)
lmsys/sglang 0.5.10
pypi/sglang 0.5.5 - 0.5.12 (PyPI)
SGLang/SGLang 5.10
Published May 18, 2026
Tracked Since May 18, 2026