CVE-2026-10300

LOW 3.7

SGLang Inference HTTP Endpoint lora_manager.py assertion

CVSS Score

3.7

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora_path leads to reachable assertion. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.

CWE	CWE-617
Vendor	n/a
Product	sglang
Published	Jun 1, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for n/a sglang

Be the first to know when new low vulnerabilities affecting n/a sglang are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / SGLang

0.5.10.post1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/367593 vuldb.com: https://vuldb.com/vuln/367593/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10300 vuldb.com: https://vuldb.com/submit/828086 github.com: https://github.com/sgl-project/sglang/issues/23141 github.com: https://github.com/sgl-project/sglang/pull/25078

Credits

🔍 Zyz3366 (VulDB User) VulDB CNA Team