❌

Reading view

Multiple Vulnerabilities in NGINX Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in NGINX, the most severe of which could allow for remote code execution. NGINX is a software used for web serving, reverse proxying, caching, and load balancing. Successful exploitation of the most severe of these vulnerabilities may allow an unauthenticated threat actor to crash vulnerable NGINX worker processes by sending crafted HTTP requests. Additionally, for systems with Address Space Layout Randomization (ASLR) disabled, exploitation may result in remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.

  •  

VU#777338: SGLang contains two remote code execution and one path traversal vulnerability

Overview

Three vulnerabilities have been discovered in the SGLang project, two enabling remote code execution (RCE), and one regarding a path traversal vulnerability. In order for an attacker to exploit these vulnerabilities, the multimodal generation mode must be enabled, and an attacker must have network access to the SGLang service. No patch is available at this time, and no response was obtained from the project maintainers during coordination.

Description

SGLang is an open-source framework for serving large language models (LLMs) and multimodal AI models, supporting models such as Qwen, DeepSeek, Mistral, and Skywork, and is compatible with OpenAI APIs. Three vulnerabilities have been discovered within the tool and are tracked as follows:

CVE-2026-7301
The multimodal generation runtime scheduler's ROUTER socket contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.

This vulnerability is distinct from CVE-2026-3060 and CVE-2026-3059, which would be open to the Internet via the ZMQ broker, which automatically binded to all network interfaces without user awareness. CVE-2026-7301 is exposed to the internet by default through the scheduler host, which binds to 0.0.0.0 by default.

CVE-2026-7302
The multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.

CVE-2026-7304
The multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation.

Impact

If exploited, these vulnerabilities could allow an unauthenticated attacker to achieve remote code execution or arbitrary file writes on the host running SGLang. Deployments that expose the affected interface to untrusted networks are at the highest risk of exploitation.

Solution

Until a patch is available, affected users should consider the following mitigations:

Mitigation

  • Restrict access to the service interfaces and ensure they are not exposed to untrusted networks.
  • Implement network segmentation and access controls to prevent unauthorized interaction with the vulnerable endpoints.

Acknowledgements

Thanks to the reporter, Alon Shakevsky. This document was written by Christopher Cullen.

Vendor Information

One or more vendors are listed for this advisory. Please reference the full report for more information.

Other Information

CVE IDs: CVE-2026-7302 CVE-2026-7304 CVE-2026-7301
Date Public: 2026-05-18
Date First Published: 2026-05-18
Date Last Updated: 2026-05-18 10:40 UTC
Document Revision: 1
  •  

APPLE-SA-05-13-2026-1 Safari 26.5

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-13-2026-1 Safari 26.5

Safari 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127121.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may prevent Content...
  •  

APPLE-SA-05-11-2026-11 visionOS 26.5

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-11 visionOS 26.5

visionOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127120.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accelerate
Available for: Apple Vision Pro (all models)
Impact: An app may be able to cause a denial-of-service
Description:...
  •  

APPLE-SA-05-11-2026-10 watchOS 26.5

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-10 watchOS 26.5

watchOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127119.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accelerate
Available for: Apple Watch Series 6 and later
Impact: An app may be able to cause a denial-of-service
Description:...
  •  

APPLE-SA-05-11-2026-9 tvOS 26.5

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-9 tvOS 26.5

tvOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127118.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accelerate
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to cause a denial-of-service...
  •  

APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7

macOS Sonoma 14.8.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127117.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

APFS
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A...
  •  
❌