PyPI/sglang — 8 CVEs · VulnScope
pkg:PyPI/sglang
8 total CVEs
CRITICAL
5
HIGH
2
MEDIUM
1
All known vulnerabilities
CRITICAL
9.8
CVE-2026-7304
SGLang: Unauthenticated RCE via --enable-custom-logit-processor
>= 0.4.1.post7, <= 0.5.12
CRITICAL
9.8
CVE-2026-7301
SGLang: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket
>= 0.5.5, <= 0.5.12
CRITICAL
9.8
CVE-2026-3059
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker
from 0, < 0.5.10
CRITICAL
9.8
CVE-2026-3060
SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module
from 0, < 0.5.10
CRITICAL
9.1
CVE-2026-7302
SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability
>= 0.5.5, <= 0.5.12
HIGH
7.8
CVE-2026-3989
SGLang's `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization
from 0, < 0.5.10
HIGH
7.3
CVE-2025-10164
SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor
from 0, < 0.5.4
MEDIUM
5.6
CVE-2026-7669
SGLang has an Improper Input Validation/Injection Issue
from 0, <= 0.5.9