CVE-2026-10775
Denial of Service in SGLang Cache Handler
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sgl-project | sglang | up to 0.5.11 (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in sgl-project SGLang up to version 0.5.11, specifically in the data_hash function of the Cache Handler component.
It allows an attacker to cause a denial of service (DoS) condition by manipulating this function.
The attack requires local access to the system and a high degree of complexity, making exploitation difficult.
Although the exploit has been publicly disclosed, a fix is pending acceptance via a pull request.
How can this vulnerability impact me?
The primary impact of this vulnerability is the potential to cause a denial of service (DoS) on the affected system.
This means that an attacker with local access could disrupt the normal operation of the Cache Handler component, potentially affecting system availability.
Due to the high complexity and local access requirement, the risk of exploitation is limited but still present.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability affects the function data_hash of the Cache Handler component in sgl-project SGLang up to version 0.5.11 and allows denial of service via local execution.
Since the exploit requires local access and a high degree of complexity, immediate mitigation steps include restricting local access to trusted users and environments.
Additionally, monitor for any updates or acceptance of the pull request that fixes this issue and apply the patch as soon as it becomes available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.