VU#777338: SGLang contains two remote code execution and one path traversal vulnerability
Three critical vulnerabilities have been identified in the SGLang project, a framework for serving large AI models. Two of these vulnerabilities allow for remote code execution (RCE), while the third is a path traversal flaw. Exploitation requires the multimodal generation mode to be enabled and an attacker to have network access to the SGLang service. Currently, no patch is available for these issues. The project maintainers did not provide a response during the coordination process. CVE-2026-7301 exploits a pickle.loads() sink in the multimodal generation runtime scheduler, allowing RCE when exposed. This vulnerability binds to all network interfaces by default, making it accessible. CVE-2026-7302 permits arbitrary file writes via path traversal in the multimodal generation runtime. Attackers can achieve this by manipulating upload filenames with directory traversal sequences. CVE-2026-7304 enables RCE through unauthenticated deserialization of Python objects via dill.loads() when custom logit processors are enabled. If exploited, these vulnerabilities could lead to remote code execution or arbitrary file writes on the SGLang host. The highest risk is to deployments exposing affected interfaces to untrusted networks. Until a patch is released, users should restrict service access and avoid exposing it to untrusted networks.