CVE-2026-10300

Source
https://cve.org/CVERecord?id=CVE-2026-10300
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10300.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-10300
Aliases
Published
2026-06-01T23:00:12.872Z
Modified
2026-07-09T14:11:39.012900031Z
Severity
  • 2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
SGLang Inference HTTP Endpoint lora_manager.py assertion
Details

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/10xxx/CVE-2026-10300.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-617"
    ]
}
References

Affected packages

Git / github.com/sgl-project/sglang

Affected ranges

Type
GIT
Repo
https://github.com/sgl-project/sglang
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0.5.10.post1"
        },
        {
            "last_affected": "0.5.10.post1"
        }
    ]
}

Affected versions

0.*
0.5.10.post1
v0.*
v0.5.10.post1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10300.json"