PYSEC-2026-535

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/sglang/PYSEC-2026-535.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-535
Aliases
Published
2026-06-29T11:50:49.669447Z
Modified
2026-07-01T20:23:04.977005Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SGLang: Unauthenticated RCE via --enable-custom-logit-processor
Details

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the server is started with the --enable-custom-logit-processor option. With that option enabled, the serialized Python object a client supplies as its custom logit processor is reconstructed with dill.loads() without any validation of the bytes. dill, like the standard-library pickle it extends, calls the callables named in the stream (via __reduce__) while loading, so any client that can reach the API runs arbitrary Python in the server process; no credentials or user interaction are needed, which the AV:N/PR:N/UI:N vector above reflects. The affected range below ends at 0.5.12 as "last affected" with no fixed version recorded; until one is, the exposure is removed only by not starting the server with the option.
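
The following is an added example, not SGLang's code and not part of the advisory. It shows why an unvalidated dill.loads() on request data is code execution, and contrasts it with two safer shapes: a server-side registry selected by name (no deserialization at all) and, where a serialized stream must be accepted, an Unpickler that allowlists the globals it will resolve. Assumptions, all hypothetical: the request field is named custom_logit_processor and carries a base64 string; the stdlib pickle module stands in for dill, which extends pickle and executes __reduce__ callables during load the same way; exec setting an environment variable stands in for a real payload such as os.system().

```python
"""dill/pickle deserialization of request data: the vulnerable shape and two fixes.

Added example, not SGLang code. Assumptions (all hypothetical): request field
``custom_logit_processor`` carries a base64 string; stdlib ``pickle`` stands in
for ``dill``; ``exec`` setting an env var stands in for a real os.system() payload.
"""
import base64
import io
import os
import pickle

MARKER_ENV = "SGLANG_DEMO_PAYLOAD_RAN"          # harmless side-effect marker
PAYLOAD_CODE = f"import os; os.environ[{MARKER_ENV!r}] = 'yes'"


class MaliciousProcessor:
    """Attacker-crafted object: its stream says 'call exec(PAYLOAD_CODE)' on load."""

    def __reduce__(self):
        return (exec, (PAYLOAD_CODE,))


def attacker_payload():
    """Constructed request value as a client would send it (base64 of a pickle)."""
    return base64.b64encode(pickle.dumps(MaliciousProcessor())).decode()


def payload_ran():
    return os.environ.get(MARKER_ENV) == "yes"


# --- vulnerable shape: the flag gates the path, then loads() runs client bytes ---
def handle_vulnerable(params, enable_custom_logit_processor):
    blob = params.get("custom_logit_processor")
    if not enable_custom_logit_processor or blob is None:
        return None
    return pickle.loads(base64.b64decode(blob))  # dill.loads() in the real code


# --- fix 1: never deserialize; the client names a processor the server defines ---
class TopKOnlyProcessor:
    """Example server-defined processor (placeholder logic)."""

    def __call__(self, logits):
        return logits


PROCESSOR_REGISTRY = {"top_k_only": TopKOnlyProcessor}


def handle_by_name(params):
    name = params.get("custom_logit_processor")
    if name is None:
        return None
    if name not in PROCESSOR_REGISTRY:
        raise ValueError(f"unknown logit processor {name!r}")
    return PROCESSOR_REGISTRY[name]()


# --- fix 2: if a stream must be accepted, refuse every global not allowlisted ---
SAFE_GLOBALS = {("builtins", "int"), ("builtins", "float"), ("builtins", "list")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        # Raised while parsing, before any REDUCE opcode can call the gadget.
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def handle_restricted(params):
    blob = params.get("custom_logit_processor")
    if blob is None:
        return None
    return RestrictedUnpickler(io.BytesIO(base64.b64decode(blob))).load()


def demo():
    """Runs each handler against the same constructed payload; returns what happened."""
    os.environ.pop(MARKER_ENV, None)
    req = {"custom_logit_processor": attacker_payload()}
    results = {}
    handle_vulnerable(req, enable_custom_logit_processor=False)
    results["ran_with_flag_off"] = payload_ran()
    handle_vulnerable(req, enable_custom_logit_processor=True)
    results["ran_with_flag_on"] = payload_ran()
    os.environ.pop(MARKER_ENV, None)
    try:
        handle_restricted(req)
        results["restricted_blocked"] = False
    except pickle.UnpicklingError:
        results["restricted_blocked"] = True
    results["ran_under_restricted"] = payload_ran()
    results["registry_ok"] = isinstance(
        handle_by_name({"custom_logit_processor": "top_k_only"}), TopKOnlyProcessor)
    try:
        handle_by_name(req)
        results["registry_rejects_blob"] = False
    except ValueError:
        results["registry_rejects_blob"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The point the demo makes is that the payload fires inside loads() itself, before any code that might "validate" the returned object can run, so validation after deserialization cannot fix this class of bug. A registry of server-defined processors removes the deserialization entirely and is the shape to prefer; the allowlisting Unpickler is the fallback when a serialized stream genuinely must be accepted, and it is only as safe as the list of globals it admits.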

References

Affected packages

Package: PyPI / sglang

Affected ranges
Type: ECOSYSTEM
Events: Introduced 0.4.1.post7; Last affected 0.5.12

Affected versions

0.*
0.4.1.post7
0.4.2
0.4.2.post1
0.4.2.post2
0.4.2.post3
0.4.2.post4
0.4.3
0.4.3.post1
0.4.3.post2
0.4.3.post3
0.4.3.post4
0.4.4
0.4.4.post1
0.4.4.post2
0.4.4.post3
0.4.4.post4
0.4.5
0.4.5.post1
0.4.5.post2
0.4.5.post3
0.4.6
0.4.6.post1
0.4.6.post2
0.4.6.post3
0.4.6.post4
0.4.6.post5
0.4.7
0.4.7.post1
0.4.8
0.4.8.post1
0.4.9
0.4.9.post1
0.4.9.post2
0.4.9.post3
0.4.9.post4
0.4.9.post5
0.4.9.post6
0.4.10
0.4.10.post1
0.4.10.post2
0.5.0rc0
0.5.0rc1
0.5.0rc2
0.5.1
0.5.1.post1
0.5.1.post2
0.5.1.post3
0.5.2rc0
0.5.2rc1
0.5.2rc2
0.5.2
0.5.3rc0
0.5.3rc2
0.5.3
0.5.3.post1
0.5.3.post2
0.5.3.post3
0.5.4
0.5.4.post1
0.5.4.post2
0.5.4.post3
0.5.5
0.5.5.post1
0.5.5.post2
0.5.5.post3
0.5.6
0.5.6.post1
0.5.6.post2
0.5.7
0.5.8
0.5.8.post1
0.5.9
0.5.10rc0
0.5.10
0.5.10.post1
0.5.11
0.5.12

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/sglang/PYSEC-2026-535.yaml"