104 matches found
CVE-2026-3059
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...
CVE-2026-3059
CVE-2026-3059 affects SGLang’s multimodal generation module via the ZMQ broker, where unauthenticated data can be deserialized with pickle.loads(), enabling remote code execution. The vulnerability arises from deserializing untrusted data without authentication. The provided documents do not spec...
CVE-2026-3059 CVE-2026-3059
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...
sglang 安全漏洞
SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has a security vulnerability; this vulnerability stems from the encoder’s parallel deregistration system, which deserializes unvalidated data through the deregistratio...
sglang 安全漏洞
SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has a security vulnerability that stems from the multi-modal generation module deserializing unvalidated data through the ZMQ proxy, potentially allowing remote code...
PT-2026-24942
Name of the Vulnerable Software and Affected Versions SGLang versions affected versions not specified Description The SGLang encoder parallel disaggregation system is susceptible to unauthenticated remote code execution. This occurs through the disaggregation module, which uses pickle.loads to...
sglang 安全漏洞
SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has a security vulnerability, which stems from improper use of the pickle.load function in the replayrequestdump.py file, potentially allowing for the execution of...
PT-2026-24941
Name of the Vulnerable Software and Affected Versions SGLang affected versions not specified Description The SGLang multimodal generation module is susceptible to unauthenticated remote code execution. This occurs through the ZMQ broker, which deserializes untrusted data using the pickle.loads...
SGLang (sglang) is vulnerable to code execution attacks via unsafe pickle deserialization
Overview Two unsafe pickle deserialization vulnerabilities have been discovered in the SGLang open-source project, one within the tool's multimodal generation module and another within the Encoder Parallel Disaggregation system. SGLang is a serving framework for large language models LLMs and...
Remote Code Execution
SGLang is vulnerable to Remote Code Execution. The vulnerability is due to the manipulation of the argument serializednamedtensors, where the function main of the file /updateweightsfromtensor results in deserialization, and attackers can launch the attack remotely by exploiting this vulnerabilit...
Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks
Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence AI inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang. "These vulnerabilities all traced back to t...
EUVD-2025-27461
Malicious code in bioql PyPI...
CVE-2025-10164
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...
arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.31.0) +10 more potentially affected by CVE-2025-10164 via sglang (>=0.4.5 <=0.5.2)
sglang PYPI version =0.4.5, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2025-10164 Source advisory: OSV:GHSA-9W53-XR52-MWGJ...
GHSA-9W53-XR52-MWGJ SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...
SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...
arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.31.0) +9 more potentially affected by CVE-2025-10164 via sglang (>=0.4.6.post5 <=0.5.2)
sglang PYPI version =0.4.6.post5, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2025-10164 Source advisory: SNYK:PYTHON-SGLANG-12705358...
Deserialization of Untrusted Data
Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the main function in the /updateweightsfromtensor process in...
CVE-2025-10164
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...
CVE-2025-10164 lmsys sglang update_weights_from_tensor main deserialization
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...