CRITICAL🇵🇱 Wersja polska

CVE-2026-3060

CVSS 9.8v3.1pub. 2026-03-12upd. 2026-04-07

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.

🤖 AI Analysis
How it works

The disaggregation module in SGLang receives network data and deserializes it directly using the pickle.loads() function without prior authentication of the sender or content validation. The Python pickle library by design allows arbitrary code execution during deserialization of a crafted object. An attacker can send a malicious pickle payload to the listening endpoint, resulting in immediate code execution in the context of the SGLang process.

Impact

An attacker without any privileges, acting remotely over the network, can execute arbitrary code on the server hosting SGLang, gaining full control over the confidentiality, integrity, and availability of the system.

Mitigation & patch

SGLang should be updated to version v0.5.10 or later, where the issue has been resolved according to pull request #20904. Additionally, it is recommended to restrict network access to the disaggregation module ports exclusively to trusted hosts (firewall, network segmentation) as an additional layer of protection.

Who is affected

SGLang (Lmsys Sglang) — versions before v0.5.10 using the encoder parallel disaggregation module (encode_receiver.py file)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Lmsys Sglang

    APP
    Lmsys
    0.5.5 – 0.5.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2026-7301CRITICAL9.8PL ✓ten sam produkt

RCE w SGLang przez niebezpieczną deserializację pickle na gnieździe ROUTER

CVE-2026-7302CRITICAL9.1PL ✓ten sam produkt

SGLang: path traversal umożliwiający zapis dowolnych plików bez uwierzytelnienia

CVE-2026-7304CRITICAL9.8PL ✓ten sam produkt

RCE przez niebezpieczną deserializację w SGLang (dill.loads)

CVE-2026-5760CRITICAL9.8PL ✓ten sam produkt

SGLang: RCE przez niezabezpieczony silnik Jinja2 w endpoincie reranking

CVE-2026-3059CRITICAL9.8PL ✓ten sam produkt

RCE w SGLang przez deserializację pickle bez uwierzytelnienia (ZMQ broker)