What is GHSA-gwv6-pq6m-p3rq?

GHSA-gwv6-pq6m-p3rq is a security advisory published by GitHub Security Advisories with Critical severity. SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket

Which CVE IDs does GHSA-gwv6-pq6m-p3rq cover?

GHSA-gwv6-pq6m-p3rq covers the following CVE IDs: CVE-2026-7301. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-gwv6-pq6m-p3rq?

GHSA-gwv6-pq6m-p3rq has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

Which products are affected by GHSA-gwv6-pq6m-p3rq?

GHSA-gwv6-pq6m-p3rq affects 1 product, including: pip/sglang:\u003e= 0.5.5, \u003c= 0.5.12.

GHSA-gwv6-pq6m-p3rqCriticalCVSS 9.8

SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket

Vendor

GitHub Security Advisories

Published

May 18, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-7301 →

📋 Description

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.

🎯 Affected products1

pip/sglang:>= 0.5.5, <= 0.5.12

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-7301
https://antiproof.ai/blog/three-rces-in-sglang
https://github.com/sgl-project/sglang/tree/main/python/sglang
https://github.com/advisories/GHSA-gwv6-pq6m-p3rq