CVE-2026-7302

Source
https://cve.org/CVERecord?id=CVE-2026-7302
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7302.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-7302
Aliases
Published
2026-05-18T10:39:27.474Z
Modified
2026-07-08T08:09:49.285474218Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
CVE-2026-7302
Details

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "5.10"
                },
                {
                    "last_affected": "5.10"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/7xxx/CVE-2026-7302.json",
    "cna_assigner": "certcc"
}
References

Affected packages

Git / github.com/sgl-project/sglang

Affected ranges

Type
GIT
Repo
https://github.com/sgl-project/sglang
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:lmsys:sglang:0.5.10:-:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.5.10-NA"
        },
        {
            "last_affected": "0.5.10-NA"
        }
    ]
}

Affected versions

0.*
0.5.10-NA
v0.*
v0.5.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7302.json"