Browse all 4 CVE security advisories affecting SGLang. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SGLang serves as a high-performance framework for large language model serving and inference. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. The framework's security posture is notable for its frequent updates addressing critical vulnerabilities, though its complex architecture continues to present attack surfaces. While no major public security incidents have been widely reported, the consistent discovery of RCE vulnerabilities in its components suggests ongoing challenges in securing its inference pipeline against sophisticated exploitation attempts.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5760 | CVE-2026-5760 — SGLang | 9.8AI | CriticalAI | 2026-04-20 |
| CVE-2026-3989 | CVE-2026-3989 — SGLang | 8.8AI | HighAI | 2026-03-12 |
| CVE-2026-3060 | CVE-2026-3060 — SGLang | 9.8AI | CriticalAI | 2026-03-12 |
| CVE-2026-3059 | CVE-2026-3059 — SGLang | 9.8AI | CriticalAI | 2026-03-12 |
This page lists every published CVE security advisory associated with SGLang. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.