Critical github · GHSA-36m8-w8qf-g76p

SGLang: Unauthenticated RCE via --enable-custom-logit-processor

Published May 18, 2026 CVSS 9.8

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation.

Remote Code Execution

Affected AI Products

sglang

View original source

Get the weekly digest. Every Monday: top AI security stories of the week. Free.