Known Vulnerabilities for products from Lmsys
Listed below are 7 of the newest known vulnerabilities associated with the vendor "Lmsys".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-10775 json | A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash o... | Not Provided | 2026-06-03 | 2026-06-10 |
| CVE-2026-7304 json | SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-p... | Not Provided | 2026-05-18 | 2026-05-19 |
| CVE-2026-7302 json | SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker ... | Not Provided | 2026-05-18 | 2026-05-19 |
| CVE-2026-7301 json | SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pi... | Not Provided | 2026-05-18 | 2026-05-19 |
| CVE-2026-5760 json | SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokeniz... | Not Provided | 2026-04-20 | 2026-06-03 |
| CVE-2026-3060 json | SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregat... | Not Provided | 2026-03-12 | 2026-04-07 |
| CVE-2026-3059 json | SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which de... | Not Provided | 2026-03-12 | 2026-04-07 |