Vulnerabilities

CVE-2026-3060

by Fred · 12/03/2026

SGLang’ encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.

More information : https://github.com/sgl-project/sglang/blob/main/python/sglang/srt/disaggregation/encode_receiver.py

Similar

Tags: Cybersecurity Alert