CVE-2026-7302
Unauthenticated Path Traversal in SGLang's Multimodal Runtime

Publication date: 2026-05-18

Last updated on: 2026-05-19

Assigner: CERT/CC

Description
SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability: by including ../ sequences in the upload filename sent to specific endpoints, an attacker can write arbitrary files anywhere the server process has write access.
Meta Information
Generated: 2026-05-20
AI Q&A: 2026-05-19
EPSS evaluated: 2026-05-19
NVD
Affected Vendors & Products (1 associated CPE)
Vendor: lmsys
Product: sglang
Version / Range: 0.5.10
CWE
CWE-35: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows an unauthenticated attacker to perform path traversal and write arbitrary files anywhere the server process has write access. This can lead to unauthorized modification or insertion of files, potentially compromising the integrity and availability of data.

Such unauthorized file writes could impact compliance with standards like GDPR and HIPAA, which require strict controls over data integrity, confidentiality, and system security. If exploited, this vulnerability might lead to data breaches or unauthorized data manipulation, thereby violating these regulations.

However, the provided context does not explicitly mention compliance impacts or specific regulatory considerations.


Can you explain this vulnerability to me?

The vulnerability in SGLang's multimodal generation runtime is an unauthenticated path traversal flaw. This means an attacker can manipulate the filename in an upload request by including sequences like "../" to traverse directories. By doing so, the attacker can write arbitrary files to any location where the server process has write permissions.


How can this vulnerability impact me?

This vulnerability can have severe impacts because it allows an attacker to write files anywhere on the server where the process has write access without needing to authenticate. This could lead to unauthorized modification or creation of files, potentially disrupting service availability, corrupting data, or enabling further attacks such as privilege escalation or remote code execution.
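The description and the answers above describe the root cause: a client-supplied upload filename is joined onto a server directory without containment checks. The following is an added example, not SGLang project code, of the check an upload handler should apply; the upload directory path and the sample filenames are constructed for illustration.

```python
import os
from pathlib import PurePosixPath

# Added example (not SGLang project code): a containment check for
# client-supplied upload filenames, the input class this advisory describes.


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename would escape the upload directory."""


def safe_upload_path(upload_dir: str, filename: str) -> str:
    """Return the absolute path under upload_dir where `filename` may be stored.

    The client controls `filename`, so anything that is not a single plain
    path component is rejected outright rather than "cleaned": stripping
    '../' once is exactly the kind of filter that '.../...//' (CWE-35) defeats.
    """
    if not filename or "\x00" in filename:
        raise UnsafeFilename("empty filename or NUL byte")
    normalized = filename.replace("\\", "/")       # treat '\' as a separator too
    basename = PurePosixPath(normalized).name      # last path component only
    if basename in ("", ".", "..") or basename != normalized:
        raise UnsafeFilename(f"rejected upload filename: {filename!r}")
    base = os.path.realpath(upload_dir)
    candidate = os.path.realpath(os.path.join(base, basename))
    # Belt and braces: confirm containment after symlink resolution.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeFilename(f"resolved outside upload dir: {candidate!r}")
    return candidate


def is_safe_upload_filename(upload_dir: str, filename: str) -> bool:
    """Boolean form, usable as a request-level gate or a log/alert hook."""
    try:
        safe_upload_path(upload_dir, filename)
        return True
    except UnsafeFilename:
        return False


if __name__ == "__main__":
    # Constructed sample filenames, including the doubled-triple-dot form CWE-35 names.
    upload_dir = "/tmp/sglang_uploads"  # hypothetical upload directory
    for name in ["photo.png", "../outside.txt", ".../...//outside.txt",
                 "sub/photo.png", "..", "photo.png\x00.jpg"]:
        verdict = "accepted" if is_safe_upload_filename(upload_dir, name) else "rejected"
        print(f"{name!r:32} -> {verdict}")
```

Rejecting any filename that is not a single component also gives a clean signal to log: every rejection is either a client bug or a traversal attempt worth alerting on.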

