CVE-2026-7301 -- CVSS 9.8 Vulnerability Briefing
CVE-2026-7301 | CVSS 9.8 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-7301 is an unauthenticated remote code execution vulnerability in Lmsys SGLang's multimodal generation runtime scheduler, specifically in the ROUTER socket component that binds to all network interfaces by default.
Technical Detail
The SGLang runtime scheduler binds its ROUTER socket to 0.0.0.0, exposing it on all available network interfaces without authentication. An attacker with network access to the bound port can send a crafted message that reaches a sink invoking Python's pickle.loads() on attacker-controlled data, a well-understood deserialization primitive that allows arbitrary code execution in the context of the running process. Successful exploitation results in full remote code execution on the host running the SGLang inference server, which in many deployments operates with elevated privileges in GPU-accelerated or cloud-hosted environments.
Exploitation Status
No known exploit code has been publicly observed or confirmed as of May 25, 2026. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. However, the attack primitive involved, unsafe deserialization via pickle.loads() on a network-exposed socket, is well understood and requires no novel technique to weaponize, which lowers the practical barrier to exploitation significantly.
Who Is Targeting This
No specific threat actor attribution at this time. No confirmed or reported threat actor activity has been associated with this vulnerability as of the publication date.
What To Do
Organizations running SGLang should treat this as a high-priority remediation given the CVSS score of 9.8 and the trivial exploitability of the underlying primitive. Check the Lmsys SGLang project repository for patched releases and apply updates immediately. As an interim workaround, restrict network access to the ROUTER socket port using host-based firewall rules or network-level access controls, ensuring the port is not reachable from untrusted networks or the public internet. If SGLang is deployed in containerized or cloud environments, audit security group rules and network policies to confirm the socket is not inadvertently exposed. Detection should focus on unexpected inbound connections to the ROUTER socket port and anomalous process execution originating from the SGLang runtime process.
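Added example, not SGLang's own code or patch: a restricted unpickler that refuses any global outside an allowlist, the defence-in-depth counterpart to the network restrictions above for a pickle.loads() sink fed from a socket. The allowlist contents and the message shape are assumptions; restricting reachability of the ROUTER port remains the primary control.

```python
"""Restricted unpickling as defence in depth for a network-fed pickle sink.

A stock pickle.Unpickler resolves any GLOBAL/STACK_GLOBAL opcode, so bytes read
from an unauthenticated socket can name arbitrary importable callables. Overriding
find_class with an allowlist (the approach recommended in the Python pickle docs)
rejects every unexpected global before it is resolved or called.
"""
import collections
import io
import pickle

# Assumed allowlist: only the builtins needed to rebuild plain containers.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "tuple"),
    ("builtins", "set"),
    ("builtins", "frozenset"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only globals listed in ALLOWED_GLOBALS."""

    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        # Raising here aborts the load before any callable can be invoked.
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads() that enforces the allowlist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return ("ok", obj) or ("refused", reason); a socket handler logs and drops on refusal."""
    try:
        return "ok", restricted_loads(data)
    except Exception as exc:  # malformed or refused streams are both dropped
        return "refused", str(exc)


def sample_payloads() -> dict:
    """Constructed inputs: a benign scheduler-style message, and one whose pickle
    names a global outside the allowlist (OrderedDict stands in for any callable)."""
    return {
        "benign": pickle.dumps({"req_id": 1, "tokens": [1, 2, 3]}),
        "unlisted_global": pickle.dumps(collections.OrderedDict(a=1)),
    }
```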