Is there a public PoC exploit available for CVE-2026-10775?

Yes, a public proof-of-concept exploit is available for CVE-2026-10775. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-10775?

Yes, a patch is available for CVE-2026-10775. Update the affected software to the latest version immediately.

SGLang CVE-2026-10775

Q: What is the CVSS score of CVE-2026-10775?

CVE-2026-10775 has a CVSS 4.0 base score of 1.1 (Low). CVSS vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-34185 LOW

Improper Resource Shutdown or Release (CWE-404)

2026-06-03 VulDB

GHSA-jrcc-j37m-v8fg

Denial Of Service Sglang

1.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.1 LOW

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

Jun 03, 2026 - 23:31 vuln.today

Analysis Generated

Jun 03, 2026 - 23:31 vuln.today

CVSS changed

Jun 03, 2026 - 23:22 NVD

3.6 (LOW) 1.1 (LOW)

DescriptionCVE.org

A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

AnalysisAI

Hash collision weaknesses in SGLang's multimodal Cache Handler (all versions through 0.5.11) allow a local low-privilege attacker to craft multimodal tensor inputs that produce identical cache keys via truncated SHA256 digests, causing incorrect cache lookups or cache invalidation failures that disrupt LLM serving workflows. The CVSS 4.0 score of 1.1 reflects the strictly local attack vector and high exploitation complexity, limiting real-world impact primarily to multi-tenant inference deployments. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain local low-privilege access to SGLang host

Delivery

Analyze multimodal cache key derivation logic

Exploit

Craft tensor inputs with colliding 8-byte SHA256 truncations

Execution

Submit inputs to trigger cache key collision in data_hash

Persist

Corrupt cache entries for subsequent multimodal requests

Impact

Degrade service availability or integrity via incorrect cached embeddings