Lucene search
+L

106 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.5 views

CVE-2026-3060

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS7.5AI score0.01158EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2026/03/17 4:39 p.m.11 views

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence AI code execution environments using domain name system DNS queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's...

9.8CVSS7.8AI score0.01534EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/03/12 2:29 p.m.11 views

leaf-playground (>=0.4.0 <=0.6.0), lightrft (=0.1.0) +1 more potentially affected by CVE-2026-3060 via sglang (>=0.1.26 <=0.4.6.post5)

sglang PYPI version =0.1.26, =0.4.0, =0.6.0 - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-3060 Source advisory: SNYK:PYTHON-SGLANG-15470991...

9.8CVSS6.9AI score0.01158EPSS
Exploits1
Snyk
Snyk
added 2026/03/12 2:17 p.m.3 views

Deserialization of Untrusted Data

Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the use of the pickle.loads function. An attacker can execute arbitrary code by sending...

9.8CVSS7.1AI score0.01534EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/03/12 12:30 p.m.6 views

lightrft (=0.1.0), rl-square (=0.0.1.post1) potentially affected by CVE-2026-3060 via sglang (>=0.4.5 <=0.4.6.post5)

sglang PYPI version =0.4.5, =0.4.6.post5 is affected by a known vulnerability. The following packages have a transitive dependency on sglang and may be impacted: - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-3060 Source advisory: OSV:GHSA-JX93-G359-86WM...

9.8CVSS6.9AI score0.01158EPSS
Exploits1
EUVD
EUVD
added 2026/03/12 12:30 p.m.4 views

EUVD-2026-11557

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS6.3AI score0.01534EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/03/12 12:30 p.m.6 views

lightrft (=0.1.0), rl-square (=0.0.1.post1) potentially affected by CVE-2026-3059 via sglang (>=0.4.5 <=0.4.6.post5)

sglang PYPI version =0.4.5, =0.4.6.post5 is affected by a known vulnerability. The following packages have a transitive dependency on sglang and may be impacted: - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-3059 Source advisory: OSV:GHSA-RGQ9-FQF5-FV58...

9.8CVSS6.9AI score0.01534EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/12 12:30 p.m.13 views

lightrft (=0.1.0), rl-square (=0.0.1.post1) potentially affected by CVE-2026-3989 via sglang (>=0.4.5 <=0.4.6.post5)

sglang PYPI version =0.4.5, =0.4.6.post5 is affected by a known vulnerability. The following packages have a transitive dependency on sglang and may be impacted: - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-3989 Source advisory: OSV:GHSA-HVWJ-8W5G-28RG...

7.8CVSS6.9AI score0.00334EPSS
Exploits0
EUVD
EUVD
added 2026/03/12 12:30 p.m.10 views

EUVD-2026-11559

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS6.3AI score0.01158EPSS
Exploits1References3
OSV
OSV
added 2026/03/12 12:30 p.m.24 views

GHSA-JX93-G359-86WM SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS6.5AI score0.01158EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/03/12 12:30 p.m.7 views

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS6.3AI score0.01158EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/12 12:30 p.m.8 views

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS6.3AI score0.01534EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/03/12 12:30 p.m.12 views

GHSA-RGQ9-FQF5-FV58 SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS6.5AI score0.01534EPSS
Exploits1References7
NVD
NVD
added 2026/03/12 12:15 p.m.5 views

CVE-2026-3059

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS0.01534EPSS
Exploits1References5
NVD
NVD
added 2026/03/12 12:15 p.m.8 views

CVE-2026-3060

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS0.01158EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/12 11:37 a.m.2 views

CVE-2026-3060

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS6.3AI score0.01158EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/12 11:37 a.m.33 views

CVE-2026-3060 CVE-2026-3060

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

0.01158EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/12 11:37 a.m.4 views

CVE-2026-3060 CVE-2026-3060

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

6.3AI score0.01158EPSS
Exploits1References4
CVE
CVE
added 2026/03/12 11:37 a.m.33 views

CVE-2026-3060

CVE-2026-3060 concerns the SGLang encoder’s parallel disaggregation system. The root cause is the disaggregation module deserializing untrusted data via pickle.loads() without authentication, enabling unauthenticated remote code execution. The affected component is the disaggregation module of th...

9.8CVSS6.3AI score0.01158EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/12 11:37 a.m.5 views

CVE-2026-3060 CVE-2026-3060

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS7.5AI score0.01158EPSS
Exploits1References6
Rows per page
Query Builder