CVE-2026-7301
CriticalSummary
By default, the ROUTER socket in the SGLangs multimodal generation runtime scheduler binds to 0.0.0.0 and contains a sink that calls pickle.loads() on incoming messages, enabling remote code execution (RCE) when exposed to the internet.
Risk Assessment
Exposing the socket to the internet poses a serious risk of remote code execution, which could lead to unauthorized control over the system.
Recommendation
It is recommended to restrict the socket binding to a local IP address and avoid using pickle.loads() on untrusted data.
Original NVD description (English source)
SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.

