Description
SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.
Published: 2026-05-18
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SGLang's multimodal generation runtime scheduler exposes a ROUTER socket that, by default, listens on 0.0.0.0 and directly deserializes incoming messages with pickle.loads. Because the socket is open to the network, an attacker can send a crafted pickle payload and trigger arbitrary code execution on the host. This flaw aligns with insecure deserialization weaknesses (CWE-502).

Affected Systems

The vulnerability affects the SGLang product family; no specific version information was provided in the advisory, so all releases that include the described scheduler configuration may be impacted.

Risk and Exploitability

The EPSS score is not available, and the CVE is not listed in the CISA KEV catalog. However, the design of the flaw provides a direct network attack surface: any party that can reach the exposed socket can inject malicious pickle data and execute code with the privileges of the scheduler process. Consequently, the risk is high and exploitation is likely if the socket remains publicly reachable.

Generated by OpenCVE AI on May 18, 2026 at 13:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict network access to the ROUTER socket by binding it only to localhost or a private subnet rather than 0.0.0.0.
  • If possible, disable the ROUTER socket or replace it with a safer communication channel that does not use pickle deserialization.
  • Apply any future vendor patch or update that eliminates the untrusted deserialization vulnerability.
  • Consider implementing input validation or switching to a safer serialization format such as JSON to mitigate deserialization risks.
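The following is an added example, not code from OpenCVE or from the SGLang project, showing the two mitigations the actions above describe: a bind-endpoint guard that refuses the wildcard address unless an operator opts in, and a message decoder that replaces pickle.loads with strict JSON parsing against a fixed field allowlist. The message schema (`request_id`, `prompt`, `max_tokens`), the function names, and the size limit are assumptions chosen for illustration; SGLang's real scheduler message format is not on the page, and the example uses no ZeroMQ dependency so it runs stand-alone.

```python
import ipaddress
import json
import pickle  # used only to build a sample of what the decoder must reject

# Constructed schema for this example; SGLang's actual scheduler messages differ.
ALLOWED_FIELDS = {"request_id": str, "prompt": str, "max_tokens": int}
MAX_MESSAGE_BYTES = 64 * 1024


def unsafe_decode(raw: bytes):
    """The pattern the advisory describes (CWE-502): never do this on network input."""
    return pickle.loads(raw)


def choose_bind_endpoint(host: str, port: int, allow_wildcard: bool = False) -> str:
    """Build a tcp:// endpoint, refusing all-interfaces binds unless explicitly allowed.

    ZeroMQ accepts "*" as a wildcard host, and "0.0.0.0" / "::" are the unspecified
    addresses; all three expose the socket on every interface.
    """
    wildcard = host in ("*", "")
    if not wildcard:
        try:
            wildcard = ipaddress.ip_address(host).is_unspecified
        except ValueError:
            wildcard = False  # a hostname such as "localhost"; left to the transport to resolve
    if wildcard and not allow_wildcard:
        raise ValueError(
            f"refusing to bind scheduler socket to all interfaces ({host!r}); "
            "use a loopback or private address, or set allow_wildcard=True deliberately"
        )
    if ":" in host and not host.startswith("["):
        host = f"[{host}]"  # IPv6 literals need brackets in the endpoint string
    return f"tcp://{host}:{port}"


def decode_message(raw: bytes) -> dict:
    """Parse one scheduler message as JSON and validate it against ALLOWED_FIELDS.

    Raises ValueError on anything that is not a well-formed, fully-typed request.
    The JSON parse is the real gate: a pickle stream of any protocol is not valid JSON.
    """
    if len(raw) > MAX_MESSAGE_BYTES:
        raise ValueError(f"message of {len(raw)} bytes exceeds {MAX_MESSAGE_BYTES}")
    # Cheap triage for logging: pickle protocol 2+ streams start with the PROTO opcode.
    # Protocol 0/1 streams do not, so this is a hint, not the security boundary.
    if raw[:1] == b"\x80":
        raise ValueError("pickle PROTO opcode at offset 0; pickle payloads are not accepted")
    try:
        obj = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"message is not valid JSON: {exc}") from None
    if not isinstance(obj, dict):
        raise ValueError("top-level JSON value must be an object")
    unknown = set(obj) - set(ALLOWED_FIELDS)
    if unknown:
        raise ValueError(f"unknown fields rejected: {sorted(unknown)}")
    missing = set(ALLOWED_FIELDS) - set(obj)
    if missing:
        raise ValueError(f"required fields missing: {sorted(missing)}")
    for name, expected in ALLOWED_FIELDS.items():
        value = obj[name]
        # bool is a subclass of int in Python, so exclude it explicitly for int fields
        if isinstance(value, bool) or not isinstance(value, expected):
            raise ValueError(f"field {name!r} must be {expected.__name__}")
    return obj


def message_rejected(raw: bytes) -> bool:
    """True when decode_message refuses the bytes; convenient for tests and log checks."""
    try:
        decode_message(raw)
    except ValueError:
        return True
    return False


def bind_rejected(host: str, port: int = 5555) -> bool:
    """True when choose_bind_endpoint refuses the host with the default (no wildcard) policy."""
    try:
        choose_bind_endpoint(host, port)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    good = b'{"request_id": "r1", "prompt": "hello", "max_tokens": 8}'
    print(choose_bind_endpoint("127.0.0.1", 5555), decode_message(good))
    # Constructed pickle of a harmless dict; the decoder refuses it without ever unpickling.
    print("pickle rejected:", message_rejected(pickle.dumps({"request_id": "r1"})))
    print("wildcard bind rejected:", bind_rejected("0.0.0.0"))
```

The decoder never consults pickle to decide acceptance; the PROTO-byte check only gives a clearer error message for the common case. Wiring this into a real ROUTER loop means calling `decode_message` on the message frame and `choose_bind_endpoint` where the scheduler currently binds, and logging every rejection with the peer identity so an exposed socket shows up in monitoring before a patch is available.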

Advisories

No advisories yet.

History

Mon, 18 May 2026 15:15:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Sglang; Sglang sglang
Vendors & Products  |                | Sglang; Sglang sglang

Mon, 18 May 2026 14:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
        |                | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 18 May 2026 13:45:00 +0000

Type       | Values Removed | Values Added
Weaknesses |                | CWE-502

Mon, 18 May 2026 12:00:00 +0000

Type        | Values Removed | Values Added
Description |                | SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.
Title       |                | CVE-2026-7301
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-05-18T14:06:20.513Z

Reserved: 2026-04-28T11:43:42.008Z

Link: CVE-2026-7301

Vulnrichment

Updated: 2026-05-18T14:06:12.475Z

NVD

Status : Received

Published: 2026-05-18T12:16:16.480

Modified: 2026-05-18T15:16:26.907

Link: CVE-2026-7301

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-18T15:00:09Z

Weaknesses