CVE-2026-3059
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
Affected (1)
References (5)
Source: cret@cert.org
Product
Source: cret@cert.org
Source: cret@cert.org
Source: cret@cert.org
Broken Link
Source: cret@cert.org
ExploitMitigationThird Party Advisory
Timeline
No history available yet.