CVE-2026-7302

Name of the Vulnerable Software and Affected Versions SGLangs multimodal generation runtime (affected versions not specified)

Description An unauthenticated path traversal flaw allows an attacker to write arbitrary files to any location where the server process has write permissions. This is achieved by including ../ sequences in the upload filename when sending requests to specific endpoints.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.