CVE-2026-7304
Unauthenticated Remote Code Execution in SGLangs Runtime
Publication date: 2026-05-18
Last updated on: 2026-05-19
Assigner: CERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lmsys | sglang | 0.5.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated remote code execution, which can lead to full compromise of the affected system, including unauthorized access, modification, or destruction of sensitive data.
Such a security breach can result in violations of data protection regulations like GDPR and HIPAA, which require strict controls to protect personal and health information from unauthorized access and ensure data integrity and availability.
Therefore, exploitation of this vulnerability could lead to non-compliance with these standards due to potential data breaches and failure to maintain adequate security measures.
Can you explain this vulnerability to me?
CVE-2026-7304 is a critical vulnerability in the SGLangs multimodal generation runtime that allows unauthenticated remote code execution. This happens when the option --enable-custom-logit-processor is enabled, because Python objects are deserialized using dill.loads() without any validation. This unsafe deserialization can be exploited by attackers to execute arbitrary code on the affected system.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows attackers to remotely execute arbitrary code without any authentication. This means an attacker can take full control over the affected system, potentially leading to data theft, system compromise, disruption of services, or further attacks within the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the SGLang multimodal generation runtime is running with the --enable-custom-logit-processor option enabled, as this setting allows unsafe deserialization.
Additionally, detection involves verifying if the scheduler's ZeroMQ ROUTER socket is exposed and reachable on the network, especially if SGLang is configured with --host 0.0.0.0, which binds the socket to all network interfaces.
To detect this on your system or network, you can use commands to check running processes and network sockets, for example:
- Use a process listing command to check for SGLang runtime with the vulnerable option enabled: `ps aux | grep sglang` and look for the presence of `--enable-custom-logit-processor`.
- Use network scanning tools to check if the scheduler's ZeroMQ ROUTER socket is exposed, for example: `netstat -tuln | grep <scheduler_port>` or `ss -tuln | grep <scheduler_port>`.
- Use network scanning tools like nmap to scan for open ports on the host running SGLang, e.g., `nmap -p <scheduler_port> <host_ip>`.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling the --enable-custom-logit-processor option in the SGLang multimodal generation runtime to prevent unsafe deserialization of Python objects.
Additionally, restrict network access to the scheduler's ZeroMQ ROUTER socket by not binding it to all network interfaces (avoid using --host 0.0.0.0) and limit exposure to trusted networks only.
If possible, deploy network-level controls such as firewalls or security groups to block unauthorized access to the scheduler port.
Monitor for updates or patches from the SGLang project and apply them as soon as they become available, since the vulnerability remains unpatched as of the last publication.