3 matches found
leaf-playground (>=0.4.0 <=0.6.0), lightrft (=0.1.0) +1 more potentially affected by CVE-2026-3060 via sglang (>=0.1.26 <=0.4.6.post5)
sglang PYPI version =0.1.26, =0.4.0, =0.6.0 - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-3060 Source advisory: SNYK:PYTHON-SGLANG-15470991...
CVE-2026-3060
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...
CVE-2026-3060
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...