CVE-2026-10300
3.7 LOWA security vulnerability has been detected in SGLang 0.5.10.post1
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 3.7 LOW
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
- CWE
- CWE-617
Description
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora_path leads to reachable assertion. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10300
- [Other]https://github.com/sgl-project/sglang/issues/23141
- [Other]https://github.com/sgl-project/sglang/pull/25078
- [Other]https://vuldb.com/cve/CVE-2026-10300
- [Other]https://vuldb.com/submit/828086
- [Other]https://vuldb.com/vuln/367593
- [Other]https://vuldb.com/vuln/367593/cti
Related CVEs
Same CWE
- CVE-2026-29116 — A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, ...
- CVE-2026-29115 — A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, tr...
- CVE-2026-46543 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (5.3 MEDIUM)
- CVE-2026-46542 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (4.3 MEDIUM)
- CVE-2026-9750 — An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal ... (6.5 MEDIUM)