Lucene search
K

104 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/12 11:37 a.m.9 views

CVE-2026-3059

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS6.3AI score0.01534EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/03/12 11:37 a.m.28 views

CVE-2026-3059

CVE-2026-3059 affects SGLang’s multimodal generation module via the ZMQ broker, where unauthenticated data can be deserialized with pickle.loads(), enabling remote code execution. The vulnerability arises from deserializing untrusted data without authentication. The provided documents do not spec...

9.8CVSS6.3AI score0.01534EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/12 11:37 a.m.5 views

CVE-2026-3059 CVE-2026-3059

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS7.5AI score0.01534EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.11 views

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has a security vulnerability; this vulnerability stems from the encoder’s parallel deregistration system, which deserializes unvalidated data through the deregistratio...

9.8CVSS7.1AI score0.01158EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.8 views

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has a security vulnerability that stems from the multi-modal generation module deserializing unvalidated data through the ZMQ proxy, potentially allowing remote code...

9.8CVSS7.1AI score0.01534EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.7 views

PT-2026-24942

Name of the Vulnerable Software and Affected Versions SGLang versions affected versions not specified Description The SGLang encoder parallel disaggregation system is susceptible to unauthenticated remote code execution. This occurs through the disaggregation module, which uses pickle.loads to...

9.8CVSS7.5AI score0.01158EPSS
Exploits1References18
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.7 views

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has a security vulnerability, which stems from improper use of the pickle.load function in the replayrequestdump.py file, potentially allowing for the execution of...

7.8CVSS6.9AI score0.00334EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.7 views

PT-2026-24941

Name of the Vulnerable Software and Affected Versions SGLang affected versions not specified Description The SGLang multimodal generation module is susceptible to unauthenticated remote code execution. This occurs through the ZMQ broker, which deserializes untrusted data using the pickle.loads...

9.8CVSS7.3AI score0.01534EPSS
Exploits1References19
CERT
CERT
added 2026/03/12 12:0 a.m.9 views

SGLang (sglang) is vulnerable to code execution attacks via unsafe pickle deserialization

Overview Two unsafe pickle deserialization vulnerabilities have been discovered in the SGLang open-source project, one within the tool's multimodal generation module and another within the Encoder Parallel Disaggregation system. SGLang is a serving framework for large language models LLMs and...

9.8CVSS7.5AI score0.01534EPSS
Exploits2References10
Veracode
Veracode
added 2025/12/13 7:29 a.m.6 views

Remote Code Execution

SGLang is vulnerable to Remote Code Execution. The vulnerability is due to the manipulation of the argument serializednamedtensors, where the function main of the file /updateweightsfromtensor results in deserialization, and attackers can launch the attack remotely by exploiting this vulnerabilit...

7.5CVSS5.7AI score0.00376EPSS
Exploits0References6Affected Software1
The Hacker News
The Hacker News
added 2025/11/14 3:20 p.m.21 views

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence AI inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang. "These vulnerabilities all traced back to t...

8.8CVSS10AI score0.00886EPSS
Exploits2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27461

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00376EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/11 7:25 p.m.6 views

CVE-2025-10164

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...

7.5CVSS6.6AI score0.00376EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/09/09 9:30 p.m.7 views

arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.31.0) +10 more potentially affected by CVE-2025-10164 via sglang (>=0.4.5 <=0.5.2)

sglang PYPI version =0.4.5, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2025-10164 Source advisory: OSV:GHSA-9W53-XR52-MWGJ...

7.5CVSS7.1AI score0.00376EPSS
Exploits0
OSV
OSV
added 2025/09/09 9:30 p.m.2 views

GHSA-9W53-XR52-MWGJ SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...

7.3CVSS6.8AI score0.00376EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/09/09 9:30 p.m.11 views

SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...

7.5CVSS7.4AI score0.00376EPSS
Exploits0References6Affected Software1
vulnersOsv
vulnersOsv
added 2025/09/09 7:44 p.m.5 views

arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.31.0) +9 more potentially affected by CVE-2025-10164 via sglang (>=0.4.6.post5 <=0.5.2)

sglang PYPI version =0.4.6.post5, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2025-10164 Source advisory: SNYK:PYTHON-SGLANG-12705358...

7.5CVSS7.1AI score0.00376EPSS
Exploits0
Snyk
Snyk
added 2025/09/09 7:44 p.m.4 views

Deserialization of Untrusted Data

Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the main function in the /updateweightsfromtensor process in...

7.5CVSS7.7AI score0.00376EPSS
Exploits0References2
NVD
NVD
added 2025/09/09 7:15 p.m.4 views

CVE-2025-10164

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...

7.5CVSS0.00376EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/09 6:32 p.m.3 views

CVE-2025-10164 lmsys sglang update_weights_from_tensor main deserialization

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...

7.5CVSS6.4AI score0.00376EPSS
Exploits0References3
Rows per page
Query Builder