Horizon Alert
Summary of the vulnerability and why it matters
This vulnerability allows unauthenticated remote code execution in the SGLang multimodal generation runtime. The issue arises when a specific configuration option is enabled, allowing untrusted Python objects to be loaded and deserialized without proper validation. This could allow an attacker to execute arbitrary code on the affected system.
- Attackers can execute code remotely.
- Affects systems running the SGLang runtime.
- No authentication is needed to exploit.
Attack Path
How an attacker could exploit the issue
An attacker could exploit this vulnerability by sending a specially crafted request to an SGLang multimodal generation runtime that has the `--enable-custom-logit-processor` option enabled. This would allow them to execute arbitrary code on the server due to the insecure deserialization of Python objects loaded via `dill.loads()`.
- Unauthenticated network access.
- Target: SGLang runtime with specific option.
- Insecure object deserialization.
Live Threat
Current exploitation, exposure, and threat context
Attackers are likely to target this vulnerability because it enables unauthenticated remote code execution, a highly desirable outcome for compromising systems. The ability to execute arbitrary code without needing any prior access or privileges significantly lowers the barrier to exploitation.
- Unauthenticated RCE.
- Publicly disclosed.
- Remote attack vector.
Priority actions
Operational Fix
Recommended remediation, mitigation, and detection steps
Prioritize disabling the `--enable-custom-logit-processor` option or isolating services using SGLang where this is enabled. The vulnerability allows unauthenticated remote code execution through unsafe deserialization, indicating a critical risk of compromise.
- Disable `--enable-custom-logit-processor`.
- Isolate affected SGLang services.
- Monitor for suspicious network activity.
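To find where the first action applies, the following added example (not SGLang project code) audits Linux process command lines for servers started with `--enable-custom-logit-processor` and separates loopback-only instances from network-reachable ones. It assumes an SGLang process has "sglang" somewhere in its argv and that the listen address is passed as `--host`, defaulting to loopback when absent.

```python
"""Audit Linux process command lines for SGLang servers started with the
option this advisory names. Added example; not SGLang project code."""
import glob

RISKY_FLAG = "--enable-custom-logit-processor"  # option named in the advisory
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_cmdline(raw):
    """/proc/<pid>/cmdline is a NUL-separated argv with a trailing NUL."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\x00") if a]


def option_value(argv, name):
    """Return the value of `--name value` or `--name=value`, else None."""
    for i, arg in enumerate(argv):
        if arg == name and i + 1 < len(argv):
            return argv[i + 1]
        if arg.startswith(name + "="):
            return arg.split("=", 1)[1]
    return None


def assess(argv):
    """Classify one argv: None (not SGLang), 'ok', 'risky-local', 'risky-exposed'."""
    # Assumption: an SGLang server has "sglang" somewhere in its argv.
    if not any("sglang" in a.lower() for a in argv):
        return None
    if RISKY_FLAG not in argv:
        return "ok"
    # Assumption: listen address is given as --host; absent means loopback.
    host = option_value(argv, "--host") or "127.0.0.1"
    return "risky-local" if host in LOOPBACK else "risky-exposed"


def scan_proc(pattern="/proc/[0-9]*/cmdline"):
    """Return {cmdline_path: verdict} for every SGLang process found."""
    findings = {}
    for path in glob.glob(pattern):
        try:
            with open(path, "rb") as fh:
                verdict = assess(parse_cmdline(fh.read()))
        except OSError:  # process exited or access denied
            continue
        if verdict:
            findings[path] = verdict
    return findings


if __name__ == "__main__":
    for path, verdict in sorted(scan_proc().items()):
        print(f"{verdict:14} {path}")
```

Run it with enough privilege to read other users' `/proc/<pid>/cmdline`; a `risky-local` result still has the option enabled and should be disabled or isolated as described above.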