ReportizFlow
Filtered by vendor Sglang
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3060 | 2 Lmsys, Sglang | 2 Sglang, Sglang | 2026-03-17 | 9.8 Critical |
| SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication. | ||||
| CVE-2026-3059 | 2 Lmsys, Sglang | 2 Sglang, Sglang | 2026-03-17 | 9.8 Critical |
| SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication. | ||||
| CVE-2026-3989 | 1 Sglang | 1 Sglang | 2026-03-16 | 7.8 High |
| SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script. | ||||
Page 1 of 1.