SGLang unsafe pickle deserialization flaws (multiple vulnerabilities)
Vulnerability
Summary
SGLang has disclosed three insecure-deserialization vulnerabilities that can enable unauthenticated remote code execution across exposed multimodal generation, disaggregation, and replay paths. The highest-severity flaws, CVE-2026-3059 and CVE-2026-3060, both score 9.8 and rely on unsafe `pickle.loads()` handling in ZeroMQ-backed network interfaces. A third issue, CVE-2026-3989, affects `replay_request_dump.py` and can be triggered with a malicious pickle file. The flaws were unpatched at publication, leaving network-reachable deployments at risk until access is restricted or the affected features are isolated.
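An added example (not SGLang code, and not taken from the cited reports) of a pre-load triage check for the pickle paths described above: it walks the opcode stream with `pickletools.genops`, which never executes the pickle, and flags any opcode that imports or calls an object. `inspect_pickle` and both sample payloads are constructed for illustration; a scan like this supports triage and logging and does not make `pickle.load()` safe on untrusted input.

```python
import collections
import pickle
import pickletools

# Opcodes that invoke a callable or set object state during unpickling.
CALL_OPS = {"REDUCE", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def inspect_pickle(data: bytes) -> dict:
    """Report imports and calls in a pickle stream without executing it."""
    imports, calls, strings = [], [], []
    try:
        for op, arg, _pos in pickletools.genops(data):
            if isinstance(arg, str):
                strings.append(arg)
            if op.name in ("GLOBAL", "INST"):
                # genops yields the argument as "module name"
                imports.append(arg.replace(" ", "."))
            elif op.name == "STACK_GLOBAL":
                # Heuristic: module and name are the two most recent string
                # pushes; memo lookups (BINGET) are not resolved here.
                imports.append(".".join(strings[-2:]))
            elif op.name in CALL_OPS:
                calls.append(op.name)
    except Exception as exc:
        # Truncated or malformed stream: treat as unsafe, keep what was seen.
        return {"safe": False, "imports": imports, "calls": calls,
                "error": str(exc)}
    return {"safe": not imports and not calls, "imports": imports,
            "calls": calls, "error": None}


# Constructed sample 1: plain request-like data (only dict/str/int opcodes).
PLAIN = pickle.dumps({"text": "hello", "max_new_tokens": 16}, protocol=4)

# Constructed sample 2: a harmless object whose pickle still imports and
# calls a class. The same opcodes carry attacker-chosen callables, so any
# stream containing them must not reach pickle.load() from untrusted input.
WITH_IMPORT = pickle.dumps(collections.OrderedDict(a=1), protocol=4)

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("with_import", WITH_IMPORT),
                        ("truncated", PLAIN[:-1])):
        print(label, inspect_pickle(blob))
```
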
Timeline
17.03.2026 18:39
SGLang unsafe pickle deserialization flaws disclosed
Initial Disclosure: Researchers disclosed three SGLang vulnerabilities that can enable unauthenticated remote code execution through exposed ZeroMQ-backed and replay paths. CVE-2026-3059 affects the multimodal generation module, CVE-2026-3060 affects the encoder parallel disaggregation system, and CVE-2026-3989 affects `replay_request_dump.py` through insecure `pickle.load()` handling of a malicious pickle file.
Sources
- AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE — thehackernews.com — 17.03.2026 18:39