CVE-2026-10775

Source
https://cve.org/CVERecord?id=CVE-2026-10775
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10775.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-10775
Published
2026-06-03T22:15:10.154Z
Modified
2026-07-08T08:08:18.274255251Z
Severity
  • 1.1 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
sgl-project SGLang Cache data_hash denial of service
Details

A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "0.5.0"
                },
                {
                    "last_affected": "0.5.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/10xxx/CVE-2026-10775.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-404"
    ]
}
References

Affected packages

Git / github.com/sgl-project/sglang

Affected ranges

Type
GIT
Repo
https://github.com/sgl-project/sglang
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:lmsys:sglang:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.5.1"
        },
        {
            "last_affected": "0.5.1"
        },
        {
            "introduced": "0.5.2"
        },
        {
            "last_affected": "0.5.2"
        },
        {
            "introduced": "0.5.3"
        },
        {
            "last_affected": "0.5.3"
        },
        {
            "introduced": "0.5.4"
        },
        {
            "last_affected": "0.5.4"
        },
        {
            "introduced": "0.5.5"
        },
        {
            "last_affected": "0.5.5"
        },
        {
            "introduced": "0.5.6"
        },
        {
            "last_affected": "0.5.6"
        },
        {
            "introduced": "0.5.7"
        },
        {
            "last_affected": "0.5.7"
        },
        {
            "introduced": "0.5.8"
        },
        {
            "last_affected": "0.5.8"
        },
        {
            "introduced": "0.5.9"
        },
        {
            "last_affected": "0.5.9"
        },
        {
            "introduced": "0.5.10"
        },
        {
            "last_affected": "0.5.10"
        },
        {
            "introduced": "0.5.11"
        },
        {
            "last_affected": "0.5.11"
        },
        {
            "introduced": "0"
        }
    ]
}

Affected versions

0.*
0.5.1
0.5.10
0.5.11
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
gateway-v0.*
gateway-v0.2.0
gateway-v0.2.1
gateway-v0.2.2
gateway-v0.2.3
gateway-v0.2.4
gateway-v0.3.0
gateway-v0.3.1
v0.*
v0.5.1
v0.5.1.post1
v0.5.1.post2
v0.5.1.post3
v0.5.11
v0.5.2
v0.5.2rc0
v0.5.2rc1
v0.5.2rc2
v0.5.3
v0.5.3.post1
v0.5.3.post2
v0.5.3.post3
v0.5.3rc0
v0.5.3rc1
v0.5.3rc2
v0.5.4
v0.5.4.post1
v0.5.4.post2
v0.5.4.post3
v0.5.5
v0.5.5.post1
v0.5.5.post2
v0.5.5.post3
v0.5.6
v0.5.6.post1
v0.5.6.post2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10775.json"