CVE-2026-3060
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
Affected (1)
References (4)
Source: cret@cert.org
Product
Source: cret@cert.org
Source: cret@cert.org
Source: cret@cert.org
ExploitMitigationThird Party Advisory
Timeline
No history available yet.