CVE-2026-3989
Insecure Deserialization in SGLang's replay_request_dump.py Enables RCE
Publication date: 2026-03-12
Last updated on: 2026-04-07
Assigner: CERT/CC
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sgl_project | sglang | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the SGLang script `replay_request_dump.py`, which calls Python's `pickle.load()` on its input file without validating the data first. Because unpickling can instantiate arbitrary objects, an attacker who supplies a crafted `.pkl` file can execute arbitrary code on the machine that loads it.
How can this vulnerability impact me?
This vulnerability can lead to remote code execution on the device running the vulnerable script. An attacker who supplies a crafted malicious pickle file can execute arbitrary commands or code, potentially compromising the system, stealing data, or causing denial of service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves insecure deserialization via the replay_request_dump.py script loading malicious pickle (.pkl) files. Detection can focus on identifying usage or execution of this script with untrusted pickle files.
- Monitor for execution of replay_request_dump.py, especially with input files from untrusted sources.
- Check for suspicious or unexpected .pkl files being accessed or loaded by the script.
- Use system process monitoring commands such as `ps aux | grep replay_request_dump.py` to detect running instances.
- Audit file access logs for .pkl files used by the script, e.g., `grep '.pkl' /var/log/audit/audit.log` if auditd is enabled.
- Network monitoring for unusual HTTP POST requests to the /generate endpoint on the target host and port (default localhost:30000) may indicate replay activity.
- Python offers only limited ways to check a pickle file's contents safely (without loading it), but you can inspect the file with `strings suspicious.pkl` or `hexdump -C suspicious.pkl` to look for anomalies. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid loading pickle files from untrusted or unauthenticated sources in the replay_request_dump.py script.
- Do not run replay_request_dump.py with pickle files obtained from untrusted or unknown origins.
- Restrict access to the replay_request_dump.py script and the directories containing pickle files to trusted users only.
- Consider implementing validation or sandboxing around the deserialization process to prevent execution of malicious code.
- Monitor and limit network access to the host and port used by the script (default localhost:30000) to prevent unauthorized replay attempts.
- If possible, replace usage of pickle files with safer serialization formats or add integrity checks before deserialization.
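The last two mitigations (validation around deserialization and an integrity check before it) combined in one loader, as an added example that is not SGLang's code: a `pickle.Unpickler` subclass that resolves only allow-listed globals, wrapped in an HMAC-SHA256 check over the pickle bytes. The allow-list contents, the key, and the sample dumps are constructed assumptions; `collections.deque` merely stands in for any global a dump must not reference.

```python
import collections
import hashlib
import hmac
import io
import pickle

# Assumed allow-list: plain dicts, lists, strings and numbers are pickled with
# native opcodes and never trigger a global lookup, so this stays very short.
ALLOWED_GLOBALS = frozenset({("collections", "OrderedDict")})
TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 prefix, 32 bytes


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allow-listed globals; any other class/function reference is refused."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def sign_dump(obj, key):
    """Serialize obj and prefix it with HMAC-SHA256 over the pickle bytes."""
    payload = pickle.dumps(obj, protocol=4)
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def load_dump(blob, key):
    """Verify the HMAC first; only then hand the bytes to the restricted unpickler."""
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("dump integrity check failed; refusing to unpickle")
    return RestrictedUnpickler(io.BytesIO(payload)).load()


def try_load(blob, key):
    """Classify one load attempt as ('ok', obj), ('tampered', msg) or ('unsafe', msg)."""
    try:
        return "ok", load_dump(blob, key)
    except ValueError as exc:
        return "tampered", str(exc)
    except pickle.UnpicklingError as exc:
        return "unsafe", str(exc)


def sample_blobs(key):
    """Constructed inputs (not real SGLang dumps): a signed request dict, a signed
    OrderedDict, a bit-flipped copy, and a signed dump referencing a non-allow-listed global."""
    request = {"text": "hello", "sampling_params": {"max_new_tokens": 16}}
    good = sign_dump(request, key)
    return {
        "good": good,
        "ordered": sign_dump(collections.OrderedDict(a=1), key),
        "tampered": good[:-1] + bytes([good[-1] ^ 0x01]),
        "foreign": sign_dump(collections.deque([1, 2]), key),
    }
```

Note that the signature only proves the dump came from a holder of the key; the restricted `find_class` is what stops a dump from naming classes or functions it has no business referencing.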