PatchSiren cyber security CVE debrief

CVE-2026-7304 Lmsys CVE debrief

CVE-2026-7304 is a critical unauthenticated remote code execution issue in the SGLang multimodal generation runtime, published on 2026-05-18 and updated on 2026-05-19. The risk appears when `--enable-custom-logit-processor` is enabled: Python objects are deserialized through `dill.loads()` without validation, which NVD maps to CWE-502 and rates at CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/C:H/I:H/A:H).

Vendor: Lmsys
Product: Sglang
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-18
Original CVE updated: 2026-05-19
Advisory published: 2026-05-18
Advisory updated: 2026-05-19

Who should care

Operators and security teams responsible for SGLang deployments, especially internet-facing services and any environment that enables `--enable-custom-logit-processor`.

Technical summary

The vulnerable code path is gated behind `--enable-custom-logit-processor`. When that option is enabled, SGLang deserializes Python objects with `dill.loads()` without sufficient validation, creating a network-reachable unsafe deserialization path that can lead to remote code execution without authentication.
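The following is an added illustration, not SGLang code and not the vendor's fix (no patch details are present in this debrief). It contrasts the pattern the advisory describes, deserializing a client-supplied blob with no check on which classes it names, with a loader that only reconstructs an allowlisted set of types. It uses the standard-library `pickle` module in place of `dill` so it runs without extra dependencies; the allowlist contents, the helper names and the sample request payload are assumptions made for the example.

```python
import collections
import io
import pickle

# Types the restricted loader is willing to reconstruct. Any other global
# reference inside the blob (module.attribute lookups that pickle resolves
# during loading) is refused. This allowlist is an assumption for the example.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "range"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not on SAFE_GLOBALS."""

    def find_class(self, module, name):
        # pickle calls find_class for every GLOBAL/STACK_GLOBAL opcode, so this
        # is the single choke point through which any class or callable named
        # in the blob must pass.
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve {module}.{name}: not on the allowlist"
        )


def unvalidated_loads(blob: bytes):
    """Stand-in for the advisory's pattern: reconstruct whatever the client sent.

    dill.loads() is a superset of pickle.loads(); both resolve every global the
    blob names, so no check exists on what gets instantiated or called.
    """
    return pickle.loads(blob)


def restricted_loads(blob: bytes):
    """Reconstruct the blob, but only through the allowlisted find_class."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def loads_with_outcome(loader, blob: bytes):
    """Return (ok, value_or_error) so callers can compare the two loaders."""
    try:
        return True, loader(blob)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample inputs: a plain-data request (only containers and
# scalars, no global references) and one that names a class outside the
# allowlist. collections.OrderedDict is harmless; it stands in for any
# arbitrary class a blob could reference.
PLAIN_REQUEST = pickle.dumps({"top_k": 40, "stop": ["\n"], "scale": 1.5})
CLASS_REFERENCE = pickle.dumps(collections.OrderedDict(temperature=0.7))


def demo():
    """Run both loaders over both blobs; returns a dict of (ok, value) results."""
    return {
        "unvalidated/plain": loads_with_outcome(unvalidated_loads, PLAIN_REQUEST),
        "unvalidated/class": loads_with_outcome(unvalidated_loads, CLASS_REFERENCE),
        "restricted/plain": loads_with_outcome(restricted_loads, PLAIN_REQUEST),
        "restricted/class": loads_with_outcome(restricted_loads, CLASS_REFERENCE),
    }


if __name__ == "__main__":
    for label, (ok, value) in demo().items():
        print(f"{label:18} ok={ok} -> {value}")
```

The point of the contrast is where the decision is made: the unvalidated loader accepts both blobs, while the restricted loader accepts plain data and rejects the blob that names a class it was not told to trust. An allowlist like this is a mitigation for code that must deserialize, not a substitute for the advisory's primary advice of disabling the option where it is not required.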

Defensive priority

Immediate

Recommended defensive actions

  • Check whether any SGLang deployment enables `--enable-custom-logit-processor`; treat exposed instances as high priority.
  • Disable the custom logit processor option wherever it is not strictly required.
  • If the feature must remain in use, isolate the service, restrict network exposure, and limit who can reach it.
  • Track the official CVE/NVD records and vendor guidance for remediation updates before re-enabling the feature.
  • Review logs and adjacent services for unexpected behavior on deployments that used the affected option.
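To make the first two actions above concrete, here is an added audit helper (example code, not part of PatchSiren or SGLang) that reads server command lines, as copied from `ps` output or a service unit, and ranks each instance by whether `--enable-custom-logit-processor` is set and whether the bind address is reachable beyond loopback. Only `--enable-custom-logit-processor` comes from the advisory; the `python -m sglang.launch_server`, `--model-path`, `--host` and `--port` tokens in the constructed sample lines, the priority labels and the helper names are assumptions for the example.

```python
import ipaddress
import shlex

FLAG = "--enable-custom-logit-processor"

# Constructed sample: three server command lines as they might be seen in
# `ps -o args` or a unit file. Model paths and ports are made up.
SAMPLE_CMDLINES = [
    "python -m sglang.launch_server --model-path /models/example-vl "
    "--host 0.0.0.0 --port 30000 --enable-custom-logit-processor",
    "python -m sglang.launch_server --model-path /models/example-vl "
    "--host=127.0.0.1 --port 30001 --enable-custom-logit-processor",
    "python -m sglang.launch_server --model-path /models/example-vl "
    "--host 0.0.0.0 --port 30002",
]


def bind_address(tokens):
    """Return the value given to --host (either form), or None if absent."""
    for i, tok in enumerate(tokens):
        if tok == "--host" and i + 1 < len(tokens):
            return tokens[i + 1]
        if tok.startswith("--host="):
            return tok.split("=", 1)[1]
    return None


def is_public_bind(host):
    """True unless the bind address is provably loopback.

    An absent --host or a hostname is treated as exposed until verified,
    which errs toward reporting rather than missing an exposed instance.
    """
    if host is None:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not addr.is_loopback


def assess(cmdline):
    """Classify one command line into a priority for the defensive actions."""
    tokens = shlex.split(cmdline)
    enabled = FLAG in tokens
    host = bind_address(tokens)
    public = is_public_bind(host)
    if not enabled:
        priority = "none"      # flag off: this CVE's code path is not reachable
    elif public:
        priority = "high"      # flag on and reachable beyond loopback
    else:
        priority = "medium"    # flag on but loopback-only; still disable or isolate
    return {
        "cmdline": cmdline,
        "flag_enabled": enabled,
        "host": host,
        "public": public,
        "priority": priority,
    }


def audit(cmdlines):
    """Assess every command line; highest priority first."""
    order = {"high": 0, "medium": 1, "none": 2}
    return sorted((assess(c) for c in cmdlines), key=lambda r: order[r["priority"]])


if __name__ == "__main__":
    for row in audit(SAMPLE_CMDLINES):
        print(f"[{row['priority']:6}] flag={row['flag_enabled']} "
              f"host={row['host']} public={row['public']}")
```

On a real host the list of command lines would come from process listings or configuration management rather than the constructed sample, and a "medium" result still warrants disabling the option or isolating the service, since loopback binding only narrows who can reach the deserialization path.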

Evidence notes

The supplied official NVD record describes the issue as unauthenticated remote code execution in SGLang and lists CWE-502 with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. NVD also lists `cpe:2.3:a:lmsys:sglang:0.5.10` as vulnerable. The CERT-referenced blog post and the linked SGLang repository provide context on the affected project codebase; no fixed version or patch details were present in the supplied corpus.

Official resources

Publicly disclosed in the official CVE/NVD record on 2026-05-18; NVD modified the record on 2026-05-19. This debrief is limited to the supplied official records and cited references.