Vulnerabilities

CVE-2026-3059

by Fred · 12/03/2026

SGLang’s multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.

More information : https://github.com/sgl-project/sglang/blob/main/python/sglang/multimodal_gen/runtime/scheduler_client.py

Similar

Tags: Cybersecurity Alert