CVE-2026-3060
Unauthenticated Remote Code Execution in SGLang Encoder Module
Publication date: 2026-03-12
Last updated on: 2026-04-07
Assigner: CERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lmsys | sglang | From 0.5.5 (inc) to 0.5.9 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the SGLang encoder parallel disaggregation system, specifically in its disaggregation module. This module deserializes untrusted data using Python's pickle.loads() function without any authentication. Because pickle.loads() can execute arbitrary code during deserialization, an attacker can exploit this to perform unauthenticated remote code execution on the system.
How can this vulnerability impact me? :
This vulnerability allows an attacker to remotely execute arbitrary code on the affected system without authentication. This can lead to full system compromise, including unauthorized access to sensitive data, disruption of services, installation of malware, or use of the system as a foothold for further attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'The vulnerability involves unauthenticated remote code execution through the disaggregation module that deserializes untrusted data using pickle.loads(). Detection can focus on monitoring network traffic and system behavior related to this module.'}, {'type': 'list_item', 'content': "Monitor network connections to the disaggregation module's ports or services, especially those using ZeroMQ or gRPC protocols."}, {'type': 'list_item', 'content': 'Use network packet capture tools like tcpdump or Wireshark to inspect incoming data streams for suspicious serialized pickle data.'}, {'type': 'list_item', 'content': "On the system, check for unexpected or unauthorized execution of Python processes related to sglang's encode_receiver.py module."}, {'type': 'list_item', 'content': 'Example commands to detect suspicious activity:'}, {'type': 'list_item', 'content': '1. Capture network traffic on relevant ports (replace <port>): tcpdump -i any port <port> -w capture.pcap'}, {'type': 'list_item', 'content': '2. Inspect running Python processes: ps aux | grep encode_receiver.py'}, {'type': 'list_item', 'content': '3. Use lsof to check open network sockets by the process: lsof -p <pid> -i'}, {'type': 'list_item', 'content': '4. Analyze captured packets for pickle serialized data patterns or unexpected payloads.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps should focus on preventing unauthenticated access to the vulnerable disaggregation module and avoiding deserialization of untrusted data.
- Restrict network access to the disaggregation module by implementing firewall rules or network segmentation.
- Disable or restrict the use of pickle.loads() on data received from untrusted or unauthenticated sources.
- Implement authentication and authorization mechanisms for all incoming requests to the disaggregation module.
- Monitor logs and network traffic for suspicious activity related to the disaggregation module.
- If possible, update or patch the sglang project to a version that addresses this vulnerability.