Hl4X7Eq28

**Name of the Vulnerable Software and Affected Versions** lmsys sglang version 0.4.6 **Description** A security flaw exists in lmsys sglang version 0.4.6. The issue involves the `main` function within the `/update weights from tensor` file, which is susceptible to deserialization due to manipulation of the `serialized named tensors` argument. This issue can be exploited remotely. The exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.