CVE-2026-7304

CRITICAL

SGLang - Unauthenticated Remote Code Execution via Pickle Deserialization

Title source: llm

Description

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, because Python objects supplied for the custom logit processor are loaded via dill.loads() and deserialized without validation.

Scores

CVSS v3 9.8
EPSS 0.0059
EPSS Percentile 43.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-502
Status published
Products (3)
lmsys/sglang 0.5.10
pypi/sglang 0.4.1.post7 - 0.5.12 (PyPI)
SGLang/SGLang 5.10
Published May 18, 2026
Tracked Since May 18, 2026