CRITICAL
SGLang
CVE published 2026-05-18
CVE-2026-7302
CVE-2026-7302 is an unauthenticated path traversal issue reported for SGLang’s multimodal generation runtime. The flaw can let an attacker place files outside the intended upload path by using ../ sequences in an upload filename, potentially writing anywhere the server process has permission to write. Because the issue is unauthenticated and impacts file integrity on the host, it deserves prompt review ev [truncated]