Antiproof — Find zero-days before attackers do

Antiproof uncovers high-impact vulnerabilities.

Antiproof is an AI-powered vulnerability discovery system that has autonomously discovered and validated critical zero-days in widely-deployed systems, including vulnerabilities that let attackers take over LLM training and inference systems.

SGLangCVE-2026-7301

Unauthenticated RCE via pickle.loads() in the multimodal scheduler.

Critical

SGLangCVE-2026-7302

Arbitrary file write via path traversal in upload filenames.

Critical

SGLangCVE-2026-7304

Unauthenticated RCE via dill.loads() when --enable-custom-logit-processor is set.

Critical

RayCVE-2026-41486

RCE via Parquet Arrow extension-type deserialization through cloudpickle.loads().

High

View the full tracker

Blog

May 15, 2026

Three Remote Code Execution vulnerabilities in SGLang

Three unauthenticated remote code execution vulnerabilities in SGLang. Coordinated through CERT/CC as VU#777338. No official patch available.

Coming soon

Introducing Antiproof

AI-powered vulnerability discovery for critical open-source software.

Read all posts

Working on critical open-source?

security@antiproof.ai

Find zero-daysbefore attackers do.

Antiproof uncovers high-impact vulnerabilities.

Blog

Three Remote Code Execution vulnerabilities in SGLang

Introducing Antiproof

Working on critical open-source?

Find zero-days
before attackers do.