CVEFinder.io

CVE-2026-7302

⛔ critical
🔍 Scan for this CVE
Summary

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.

CVSS Score
9.1
Critical
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-18
First Seen: 2026-05-19
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 87.7% of all 321,566 vulnerabilities in our database.

#39,677
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 18, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-05-19
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE IDs (Weakness Types)
CWE-35

📦 Affected Products 1

Vendor Product Status Affected Versions
lmsys sglang Affected
v0.5.10

🔗 References 2

https://antiproof.ai/blog/three-rces-in-sglang/
Permissions Required
https://github.com/sgl-project/sglang/tree/main/pyth...
Product

🔗 Related CVEs 5

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-7301 ⛔ critical 9.8 0.1 SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that cal... 2026-05-18
CVE-2026-7304 ⛔ critical 9.8 0.3 SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-lo... 2026-05-18
CVE-2026-3059 ⛔ critical 9.8 1.3 SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, whi... 2026-03-12
CVE-2026-3060 ⛔ critical 9.8 1.3 SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disagg... 2026-03-12
CVE-2025-10164 ⚠️ high 7.3 0.0 A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the fi... 2025-09-09
These CVEs affect the same products