9.8

CVE-2026-7301: SGLang's Scheduler Exposed to Remote Code Execution

CVE-2026-7301 GHSA-gwv6-pq6m-p3rq
Summary

SGLang's scheduler has a default setting that makes it reachable from the internet, allowing attackers to execute malicious code on your system. This can happen if the scheduler is exposed to the public internet without proper security measures in place. To protect yourself, ensure the scheduler is reachable only from trusted networks and consider implementing additional security controls.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Ecosystem: pip
Vendor: –
Product: sglang
Affected versions: >= 0.5.5, <= 0.5.12
Original title
SGLang: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket
Original description
SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.
Vulnerability type
CWE-502 Deserialization of Untrusted Data
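The two defensive controls the advisory implies, a deserializer that refuses to instantiate any module-level object and a check that flags listen addresses reachable beyond loopback, as an added Python example. This is not SGLang's code; the endpoint strings, message contents and function names are constructed for illustration, and the wildcard handling assumes ZeroMQ-style `tcp://host:port` endpoints.

```python
import io
import ipaddress
import pickle


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that rejects every global/class reference.

    Plain scalars and containers (str, int, bytes, dict, list, ...) still load.
    Any pickle that names a module-level object is refused, which is the
    mechanism that turns pickle.loads() on untrusted input into code execution
    (CWE-502).
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing global reference {module}.{name} in untrusted pickle"
        )


def safe_loads(data: bytes):
    """Deserialize `data` without permitting any global lookup."""
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def loads_safely(data: bytes):
    """Return (ok, value) on success or (False, reason) so a receiver can log and drop."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


def bind_address_is_public(host: str) -> bool:
    """True when a socket bound to `host` is reachable from non-loopback interfaces.

    Hostnames other than 'localhost' (including the ZeroMQ wildcard '*') are
    treated conservatively as public.
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return host != "localhost"
    return addr.is_unspecified or not addr.is_loopback


def endpoint_is_exposed(endpoint: str) -> bool:
    """Flag 'tcp://host:port' endpoints that listen on all interfaces or a routable address."""
    scheme, _, rest = endpoint.partition("://")
    if scheme != "tcp":
        return False  # ipc:// and inproc:// endpoints are confined to the host
    host = rest.rsplit(":", 1)[0].strip("[]")  # strip IPv6 brackets, e.g. [::]
    return bind_address_is_public(host)


# Constructed sample messages (hypothetical, not real SGLang traffic).
PLAIN_MESSAGE = pickle.dumps(
    {"request_id": "constructed-1", "prompt": "hello", "max_tokens": 8}
)
GLOBAL_REFERENCE = pickle.dumps(len)  # any pickle naming a module-level object

# Constructed endpoints: the advisory's default versus a loopback-only binding.
ENDPOINTS = {
    "default (all interfaces)": "tcp://0.0.0.0:PORT",
    "loopback only": "tcp://127.0.0.1:PORT",
    "IPv6 unspecified": "tcp://[::]:PORT",
    "ipc socket": "ipc:///tmp/constructed-scheduler.sock",
}


if __name__ == "__main__":
    for label, ep in ENDPOINTS.items():
        print(f"{label:26s} {ep:40s} exposed={endpoint_is_exposed(ep)}")
    print("plain message  ->", loads_safely(PLAIN_MESSAGE))
    print("global reference ->", loads_safely(GLOBAL_REFERENCE))
```

`find_class` is the single choke point the standard library gives you: overriding it to raise means no opcode in the stream can resolve a callable, so a crafted message fails closed instead of executing. The endpoint check is the cheap configuration audit to run before deployment; a scheduler bound to `0.0.0.0` should only ever sit behind a firewall or be rebound to loopback.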
Published: 18 May 2026 · Updated: 29 May 2026 · First seen: 18 May 2026