SGLang Arbitrary File Write Vulnerability via Unauthenticated Path Traversal

Vulnerability

A path traversal vulnerability allowing unauthenticated attackers to write arbitrary files has been identified in SGLang's multimodal generation runtime, versions 0.5.5 and later. The vulnerability arises from the runtime's file upload handling on its OpenAI-compatible image and video editing endpoints: the client-supplied upload filename is used without being normalised or validated, so a filename containing '../' sequences traverses out of the designated uploads directory and lands in any location where the server process has write permissions.

Impact

Exploitation of this vulnerability could lead to unauthorized file creation or modification on the server, potentially allowing for further exploitation or disruption of services.

Reproduction

To reproduce this vulnerability, upload a file through the '/v1/images/edits' or '/v1/videos' endpoints with a filename that contains '../' sequences. The file is written outside the uploads directory, to a location writable by the server process.
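As an added illustration (not SGLang's own code), the unsafe filename-handling pattern the advisory describes next to a hardened version: the safe variant keeps only the basename and then checks that the resolved path is still inside the uploads directory, rejecting anything that escapes. The uploads directory is a constructed temporary directory for the example.

```python
import os
import tempfile
from pathlib import Path

# Constructed uploads directory for this example (not SGLang's real path).
UPLOAD_ROOT = Path(tempfile.mkdtemp(prefix="uploads_")).resolve()


def unsafe_target(filename: str) -> Path:
    """Vulnerable pattern: the client-supplied name is joined onto the uploads
    directory as-is, so '../' segments walk out of it."""
    return UPLOAD_ROOT / filename


def safe_target(filename: str) -> Path:
    """Hardened version: drop any directory components, then verify the
    resolved path is still inside UPLOAD_ROOT before returning it."""
    base = os.path.basename(filename.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise ValueError("invalid upload filename")
    candidate = (UPLOAD_ROOT / base).resolve()
    # resolve() collapses '..' and symlinks; relative_to() raises ValueError
    # if the result lies outside the uploads root.
    try:
        candidate.relative_to(UPLOAD_ROOT)
    except ValueError:
        raise ValueError("upload filename escapes the uploads directory")
    return candidate


def escapes_root(path: Path) -> bool:
    """True if the normalised path lies outside UPLOAD_ROOT (detection check)."""
    try:
        Path(os.path.normpath(path)).relative_to(UPLOAD_ROOT)
        return False
    except ValueError:
        return True
```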

Added: May 18, 2026, 12:20 PM
Updated: May 18, 2026, 12:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 0.0
relevance: 8.5
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.