lmsys 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥 and vendor risk denial of service があり、vendor surface production workloads and vendor surface software deployment の利用場面で アプリケーションクラッシュ and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-10775 | A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance. | [email protected] | 1.1 | 0.12% | 2026-06-03 | 2026-06-10 |
| CVE-2026-7304 | SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation. | [email protected] | 9.8 | 0.58% | 2026-05-18 | 2026-05-19 |
| CVE-2026-7302 | SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints. | [email protected] | 9.1 | 0.39% | 2026-05-18 | 2026-05-19 |
| CVE-2026-7301 | SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet. | [email protected] | 9.8 | 0.40% | 2026-05-18 | 2026-05-19 |
| CVE-2026-5760 | SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment(). | [email protected] | 9.8 | 0.85% | 2026-04-20 | 2026-06-03 |
| CVE-2026-3060 | SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication. | [email protected] | 9.8 | 1.16% | 2026-03-12 | 2026-04-07 |
| CVE-2026-3059 | SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication. | [email protected] | 9.8 | 1.16% | 2026-03-12 | 2026-04-07 |