Vulnerability Details CVE-2026-7301
SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.1%
CVSS Severity
CVSS v3 Score 9.8
References