Critical nvd · CVE-2026-7304

CVE-2026-7304: SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-lo

Published May 18, 2026 CVSS 9.8

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation.

Remote Code Execution

Affected AI Products

sglang

View original source

Get the weekly digest. Every Monday: top AI security stories of the week. Free.