CVE-2026-7304 -- CVSS 9.8 Vulnerability Briefing
CVE-2026-7304 | CVSS 9.8 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-7304 is an unauthenticated remote code execution vulnerability in Lmsys SGLang's multimodal generation runtime, specifically triggered when the --enable-custom-logit-processor option is active.
Technical Detail
The flaw exists in SGLang's handling of custom logit processors, where Python objects are deserialized using dill.loads() without authentication or input validation. An unauthenticated remote attacker can submit a crafted serialized payload to the runtime endpoint, which will be deserialized and executed with the privileges of the SGLang process. Successful exploitation results in arbitrary code execution on the host system, with potential for full system compromise depending on the deployment context and process permissions.
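To make the deserialization problem concrete, here is an added example written for this briefing (it is not SGLang's code) that places the vulnerable pattern next to two hardened alternatives. It uses the standard-library pickle module in place of dill, since dill builds on the pickle protocol and the same find_class guard applies; the request field names, the processor names and the name-keyed registry are assumptions for illustration, not SGLang's API.

```python
import base64
import io
import pickle

# Added example for this briefing, not SGLang's code. Stdlib pickle stands in for dill
# (dill builds on the pickle protocol); field and processor names are assumptions.


# --- VULNERABLE pattern described in the advisory: the server trusts a client-supplied
# serialized object and turns it straight back into live Python objects.
def load_processor_unsafe(blob_b64):
    # Every global reference inside the blob is resolved, so the client decides what gets loaded.
    return pickle.loads(base64.b64decode(blob_b64))


# --- Hardening 1: never deserialize code at all; select a vetted processor by name.
def repetition_penalty(logits, params):
    """Toy processor: scale every logit by a fixed factor."""
    factor = params.get("factor", 0.9)
    return [x * factor for x in logits]


def top_k_mask(logits, params):
    """Toy processor: keep the k largest logits, mask the rest to -inf."""
    k = params.get("k", 2)
    keep = sorted(logits, reverse=True)[:k]
    return [x if x in keep else float("-inf") for x in logits]


PROCESSOR_REGISTRY = {  # hypothetical operator-vetted registry
    "repetition_penalty": repetition_penalty,
    "top_k_mask": top_k_mask,
}


def resolve_processor(request):
    """Pick a processor by name; anything that is not a registered name is rejected."""
    name = request.get("custom_logit_processor")
    if name is None:
        return None
    if not isinstance(name, str) or name not in PROCESSOR_REGISTRY:
        raise ValueError(f"unknown logit processor: {name!r}")
    return PROCESSOR_REGISTRY[name]


def apply_processor(request, logits):
    proc = resolve_processor(request)
    if proc is None:
        return list(logits)
    return proc(logits, request.get("processor_params", {}))


# --- Hardening 2 (defence in depth): if a serialized parameter blob must be accepted,
# refuse every global/class reference so the blob can only carry plain data.
class _NoGlobalsUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing global reference {module}.{name}")


def load_params_restricted(blob_b64):
    return _NoGlobalsUnpickler(io.BytesIO(base64.b64decode(blob_b64))).load()


def restricted_load_rejects(blob_b64):
    """True if the restricted loader refuses the blob, False if it loads as plain data."""
    try:
        load_params_restricted(blob_b64)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample blobs: one carries plain data, the other a reference to a callable.
def make_blob(obj):
    return base64.b64encode(pickle.dumps(obj)).decode()


SAMPLE_PARAMS_BLOB = make_blob({"k": 2})
SAMPLE_CALLABLE_BLOB = make_blob(len)  # harmless builtin, chosen only to show a global reference


if __name__ == "__main__":
    print(apply_processor({"custom_logit_processor": "top_k_mask", "processor_params": {"k": 1}}, [1.0, 3.0, 2.0]))
    print(load_params_restricted(SAMPLE_PARAMS_BLOB))
    print(restricted_load_rejects(SAMPLE_CALLABLE_BLOB))
    print(load_processor_unsafe(SAMPLE_CALLABLE_BLOB))
```

The registry is the real fix: the client chooses among processors the operator already trusts, and the serialized-code path disappears. The restricted unpickler only narrows what a blob may contain; it does not make accepting serialized objects from unauthenticated clients a good idea.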
Exploitation Status
No known exploit code has been publicly observed or confirmed as of May 25, 2026. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. Despite the absence of confirmed exploitation, the attack surface is straightforward: deserialization of attacker-controlled data via a well-understood library (dill) with no authentication barrier, which lowers the practical bar for exploitation significantly.
Who Is Targeting This
No threat actor has been attributed to this vulnerability at this time, and no confirmed or reported threat actor activity has been associated with it.
What To Do
Do not expose SGLang runtime endpoints with --enable-custom-logit-processor enabled to untrusted networks or the public internet. As an immediate workaround, disable the --enable-custom-logit-processor flag unless operationally required, and enforce network-level access controls to restrict runtime API access to trusted hosts only. Monitor for a patched release from Lmsys and apply it promptly given the critical CVSS score of 9.8. Operators running SGLang in multi-tenant or cloud-exposed environments should treat this as high priority. Detection should focus on anomalous process spawning from the SGLang runtime process and unexpected outbound network connections originating from the inference server.
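The detection guidance above, as an added example that is not part of the briefing or of SGLang: a small analyzer run over constructed process and network telemetry that flags unexpected child processes of the inference server and egress to destinations outside an allowlist. The launch-command substring, the allowlists, the event schema and the sample records are all assumptions made for illustration.

```python
import ipaddress
import json

# Added example, not from the advisory or SGLang. Everything below the imports is assumed.
SERVER_MARKER = "sglang.launch_server"        # assumed substring identifying the inference server command line
EXPECTED_CHILDREN = {"python3", "python"}     # assumed: re-exec of the interpreter for workers is normal
ALLOWED_EGRESS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range for weights/model stores
ALLOWED_EGRESS_PORTS = {443}

# Constructed sample telemetry, one JSON record per line, as an EDR or auditd forwarder might emit.
SAMPLE_EVENTS = [
    '{"type":"process","ts":"2026-05-25T10:00:01Z","parent_cmd":"python3 -m sglang.launch_server --enable-custom-logit-processor","child":"python3"}',
    '{"type":"process","ts":"2026-05-25T10:00:07Z","parent_cmd":"python3 -m sglang.launch_server --enable-custom-logit-processor","child":"sh"}',
    '{"type":"network","ts":"2026-05-25T10:00:08Z","proc_cmd":"python3 -m sglang.launch_server --enable-custom-logit-processor","dst_ip":"10.20.0.5","dst_port":443}',
    '{"type":"network","ts":"2026-05-25T10:00:09Z","proc_cmd":"python3 -m sglang.launch_server --enable-custom-logit-processor","dst_ip":"203.0.113.77","dst_port":8443}',
    '{"type":"process","ts":"2026-05-25T10:00:10Z","parent_cmd":"nginx: worker process","child":"sh"}',
]


def is_inference_server(cmdline):
    """True if the command line belongs to the inference server we are watching."""
    return SERVER_MARKER in (cmdline or "")


def egress_allowed(dst_ip, dst_port):
    """Outbound connection is expected only to allowlisted networks on allowlisted ports."""
    ip = ipaddress.ip_address(dst_ip)
    return dst_port in ALLOWED_EGRESS_PORTS and any(ip in net for net in ALLOWED_EGRESS)


def analyze(lines):
    """Return one alert dict per suspicious record; records from other processes are ignored."""
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        if ev["type"] == "process" and is_inference_server(ev.get("parent_cmd")):
            if ev["child"] not in EXPECTED_CHILDREN:
                alerts.append({"rule": "unexpected-child-process", "ts": ev["ts"], "detail": ev["child"]})
        elif ev["type"] == "network" and is_inference_server(ev.get("proc_cmd")):
            if not egress_allowed(ev["dst_ip"], ev["dst_port"]):
                alerts.append({"rule": "unexpected-egress", "ts": ev["ts"],
                               "detail": f'{ev["dst_ip"]}:{ev["dst_port"]}'})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

The two rules map directly onto the briefing's detection advice: a shell or other non-interpreter child under the inference server, and an outbound connection the server has no business making. Tune EXPECTED_CHILDREN and the egress allowlist to what the deployment actually does (tokenizer downloads, metrics exporters) before relying on the alerts.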