This email comes from outside the organization; let's stay vigilant.
=====================================================================
          CERT-Renater Information Note No. 2026/VULN513
_____________________________________________________________________
DATE                : 18/05/2026
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S) : Systems running SGLang.
=====================================================================

https://www.kb.cert.org/vuls/id/777338
_____________________________________________________________________

SGLang contains two remote code execution vulnerabilities and one path traversal vulnerability

Vulnerability Note VU#777338
Original Release Date: 2026-05-18 | Last Revised: 2026-05-18

Overview

Three vulnerabilities have been discovered in the SGLang project: two enable remote code execution (RCE), and one is a path traversal vulnerability. To exploit them, the multimodal generation mode must be enabled and the attacker must have network access to the SGLang service. No patch is available at this time, and no response was obtained from the project maintainers during coordination.

Description

SGLang is an open-source framework for serving large language models (LLMs) and multimodal AI models. It supports models such as Qwen, DeepSeek, Mistral, and Skywork, and is compatible with OpenAI APIs. Three vulnerabilities have been discovered within the tool and are tracked as follows:

CVE-2026-7301
The multimodal generation runtime scheduler's ROUTER socket contains a sink that calls pickle.loads() on incoming messages, enabling RCE when the socket is exposed to the Internet. This vulnerability is distinct from CVE-2026-3060 and CVE-2026-3059, which were exposed to the Internet via the ZMQ broker, which automatically bound to all network interfaces without the user's awareness. CVE-2026-7301 is exposed to the Internet by default through the scheduler host, which binds to 0.0.0.0 by default.
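The sink described for CVE-2026-7301 is a pickle.loads() call on bytes received from a network socket. The following is an added example, not SGLang's code and not from the CERT/CC note: it shows the defensive counterpart, an Unpickler that only resolves an explicit allow-list of globals and refuses everything else before any object is constructed. The message layout and the allow-list contents are assumptions made for the example; the sample messages are constructed inline.

```python
# Added example (not SGLang's code): an allow-list Unpickler as the defensive
# counterpart of calling pickle.loads() on bytes that arrive from a network
# socket, the sink described for CVE-2026-7301. The message layout and the
# allow-list contents below are assumptions made for the example.
import datetime
import io
import pickle

# Globals the unpickler may resolve. Plain containers and scalars never reach
# find_class at all (they have dedicated opcodes); anything else is refused
# before an object is built, so no constructor or callable of the sender's
# choosing can run. Extend only with classes you have reviewed.
ALLOWED_GLOBALS = frozenset({
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    ("builtins", "set"), ("builtins", "str"), ("builtins", "bytes"),
    ("builtins", "int"), ("builtins", "float"), ("builtins", "bool"),
})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not in ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads() that honours the allow-list."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def receive_message(raw: bytes):
    """Model of a socket handler (hypothetical): returns ("ok", obj) for an
    accepted message and ("refused", reason) for one the allow-list rejects,
    instead of letting the deserialization error propagate out of the handler."""
    try:
        return "ok", restricted_loads(raw)
    except pickle.UnpicklingError as exc:
        return "refused", str(exc)


# Constructed sample messages. The first is the kind of plain request a
# scheduler peer would send; the second carries a class reference
# (datetime.datetime, chosen as a harmless stand-in for any non-allow-listed
# global) and exercises the refusal path.
SAMPLE_REQUEST = pickle.dumps({"req_id": 7, "prompt": "hello", "top_k": 40})
SAMPLE_WITH_GLOBAL = pickle.dumps(datetime.datetime(2026, 5, 18))


if __name__ == "__main__":
    print(receive_message(SAMPLE_REQUEST))      # ('ok', {'req_id': 7, 'prompt': 'hello', 'top_k': 40})
    print(receive_message(SAMPLE_WITH_GLOBAL))  # ('refused', 'refused global datetime.datetime')
```

The allow-list limits what a deserialized message can do; it does not replace the note's mitigation of keeping the scheduler socket off untrusted networks, and a non-code format (JSON with schema validation) is the stronger fix. dill builds on the same pickle protocol, so the same allow-list idea applies to the dill.loads() sink of CVE-2026-7304 described further down.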
CVE-2026-7302
The multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability that allows an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename sent to specific endpoints.

CVE-2026-7304
The multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, because Python objects loaded via dill.loads() are deserialized without validation.

Impact

If exploited, these vulnerabilities could allow an unauthenticated attacker to achieve remote code execution or arbitrary file writes on the host running SGLang. Deployments that expose the affected interface to untrusted networks are at the highest risk of exploitation.

Solution

Until a patch is available, affected users should consider the following mitigations:

Mitigation

Restrict access to the service interfaces and ensure they are not exposed to untrusted networks. Implement network segmentation and access controls to prevent unauthorized interaction with the vulnerable endpoints.

Acknowledgements

Thanks to the reporter, Alon Shakevsky. This document was written by Christopher Cullen.

Vendor Information

SGLang
  Status:        Unknown
  Notified:      2026-04-02
  Updated:       2026-05-18
  CVE-2026-7301: Unknown
  CVE-2026-7302: Unknown
  CVE-2026-7304: Unknown

Vendor Statement

We have not received a statement from the vendor.
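The path traversal in CVE-2026-7302 comes down to an upload handler trusting the client-supplied filename. The following is an added example, not SGLang's code and not from the CERT/CC note: a containment check that an upload handler applies before writing, rejecting separators and dot-dot components and then confirming the resolved path still sits directly under the upload root. The upload root, the handler shape and the sample filenames are constructed for the example.

```python
# Added example (not SGLang's code): the containment check an upload handler
# needs so that a client-supplied filename cannot escape the upload directory,
# the flaw described for CVE-2026-7302. The upload root, handler shape and
# sample names are constructed for the example.
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename is not a single safe component."""


def safe_upload_path(upload_root: str, client_filename: str) -> Path:
    """Return the absolute path under upload_root where the client's file may
    be written, or raise UnsafeFilename.

    Two independent checks: a syntactic one on the name (one URL-decoding pass
    first, so '..%2F' does not slip past the separator test), then a semantic
    one on the resolved path, which also catches a symlink under the root that
    points elsewhere."""
    root = Path(upload_root).resolve()
    name = unquote(client_filename)
    if (not name or name in (".", "..") or "\x00" in name
            or "/" in name or "\\" in name):
        raise UnsafeFilename(f"rejected filename {client_filename!r}")
    candidate = (root / name).resolve()
    if candidate.parent != root:
        raise UnsafeFilename(f"rejected filename {client_filename!r}")
    return candidate


def save_upload(upload_root: str, client_filename: str, content: bytes) -> Path:
    """Hypothetical handler body: write content to the checked location only."""
    target = safe_upload_path(upload_root, client_filename)
    os.makedirs(upload_root, exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(content)
    return target


# Constructed sample filenames: benign ones and the traversal shapes a
# defender should expect (plain, URL-encoded, backslash, bare dot-dot,
# and a nested relative path).
SAMPLE_NAMES = [
    "frame_0001.png",
    "audio-clip.wav",
    "../../etc/hostname",
    "..%2F..%2Ftmp%2Fnote.txt",
    "..\\..\\Windows\\win.ini",
    "..",
    "sub/dir/image.png",
]

# Constructed upload root for the demonstration.
DEMO_ROOT = os.path.join(tempfile.gettempdir(), "sglang-upload-demo")


def triage(names=SAMPLE_NAMES, upload_root=DEMO_ROOT) -> dict:
    """Map each name to 'accepted' or 'rejected' without writing anything."""
    verdicts = {}
    for name in names:
        try:
            safe_upload_path(upload_root, name)
            verdicts[name] = "accepted"
        except UnsafeFilename:
            verdicts[name] = "rejected"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{verdict:8} {name}")
```

Rejecting the name outright, rather than silently stripping directory components, is deliberate: a request carrying ../ in an upload filename is worth logging as an attack indicator, and the second check on the resolved path remains in place in case the first is ever loosened.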
References

https://github.com/sgl-project/sglang/tree/main/python/sglang
https://antiproof.ai/blog/three-rces-in-sglang/

Other Information

CVE IDs:              CVE-2026-7301, CVE-2026-7302, CVE-2026-7304
API URL:              VINCE JSON | CSAF
Date Public:          2026-05-18
Date First Published: 2026-05-18
Date Last Updated:    2026-05-18 10:40 UTC
Document Revision:    1

=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel      | fax : 01-53-94-20-41          +
+ 75013 Paris           | email:cert@support.renater.fr +
=========================================================