CVE-2026-10775

A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

CVSS v3 3.6 LOW
CVSS v2.0 2.4 LOW

3.6^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.0 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

2.4^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:H/Au:S/C:N/I:P/A:P

Exploitability : 1.5 / Impact : 4.9

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/sgl-project/sglang/
https://github.com/sgl-project/sglang/issues/25462
https://github.com/sgl-project/sglang/pull/22033
https://vuldb.com/cve/CVE-2026-10775
https://vuldb.com/submit/831438
https://vuldb.com/vuln/368138
https://vuldb.com/vuln/368138/cti
https://github.com/sgl-project/sglang/pull/22033
https://vuldb.com/submit/831438

Configurations

No configuration.

History

04 Jun 2026, 15:16

Type	Values Removed	Values Added
References	~~() https://github.com/sgl-project/sglang/pull/22033 -~~	() https://github.com/sgl-project/sglang/pull/22033 -
References	~~() https://vuldb.com/submit/831438 -~~	() https://vuldb.com/submit/831438 -

03 Jun 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-03 23:16

Updated : 2026-06-04 16:32

NVD link : CVE-2026-10775

Mitre link : CVE-2026-10775

CVE.ORG link : CVE-2026-10775

JSON object : View

Products Affected

No product.

CWE

CWE-404

Improper Resource Shutdown or Release

{"id": "CVE-2026-10775", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 2.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 1.0}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 1.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-06-03T23:16:17.077", "references": [{"url": "https://github.com/sgl-project/sglang/", "source": "cna@vuldb.com"}, {"url": "https://github.com/sgl-project/sglang/issues/25462", "source": "cna@vuldb.com"}, {"url": "https://github.com/sgl-project/sglang/pull/22033", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/cve/CVE-2026-10775", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/submit/831438", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/vuln/368138", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/vuln/368138/cti", "source": "cna@vuldb.com"}, {"url": "https://github.com/sgl-project/sglang/pull/22033", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://vuldb.com/submit/831438", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-404"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance."}], "lastModified": "2026-06-04T16:32:54.380", "sourceIdentifier": "cna@vuldb.com"}