PYSEC-2026-538

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/sglang/PYSEC-2026-538.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2026-538

Aliases

CVE-2026-7302
GHSA-qwrp-wghp-94q2

Published

2026-06-29T11:50:50.577356Z

Modified

2026-06-29T12:15:09.723768127Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability

Details

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.

References

Affected packages

PyPI / sglang

Package

Name: sglang; View open source insights on deps.dev
Purl: pkg:pypi/sglang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.5.5

Last affected

0.5.12

Affected versions

0.*

0.5.5

0.5.5.post1

0.5.5.post2

0.5.5.post3

0.5.6

0.5.6.post1

0.5.6.post2

0.5.7

0.5.8

0.5.8.post1

0.5.9

0.5.10rc0

0.5.10

0.5.10.post1

0.5.11

0.5.12

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/sglang/PYSEC-2026-538.yaml"