20 matches found
CVE-2026-3060
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...
GHSA-JX93-G359-86WM SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module
SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...
SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module
SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...
EUVD-2026-11559
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...
CVE-2026-3060
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...
CVE-2026-3060
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...
CVE-2026-3060
CVE-2026-3060 concerns the SGLang encoder’s parallel disaggregation system. The root cause is the disaggregation module deserializing untrusted data via pickle.loads() without authentication, enabling unauthenticated remote code execution. The affected component is the disaggregation module of th...
CVE-2026-3060 CVE-2026-3060
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...
CVE-2026-3060
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...
CVE-2026-3060 CVE-2026-3060
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...
SGLang (sglang) is vulnerable to code execution attacks via unsafe pickle deserialization
Overview Two unsafe pickle deserialization vulnerabilities have been discovered in the SGLang open-source project, one within the tool's multimodal generation module and another within the Encoder Parallel Disaggregation system. SGLang is a serving framework for large language models LLMs and...
PT-2026-24942
Name of the Vulnerable Software and Affected Versions SGLang versions affected versions not specified Description The SGLang encoder parallel disaggregation system is susceptible to unauthenticated remote code execution. This occurs through the disaggregation module, which uses pickle.loads to...
PT-2026-8395
Name of the Vulnerable Software and Affected Versions LightLLM versions prior to 1.2.0 Description LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution issue in PD prefill-decode disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary...
EUVD-2015-2841
Malware in sbrugna...
SUSE CVE-2015-2751
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service host lock via unspecified domctl operations...
DEBIAN-CVE-2015-2751
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service host lock via unspecified domctl operations...
CVE-2015-2751
CVE-2015-2751 affects Xen hypervisor (versions 4.3.x–4.5.x) when using toolstack disaggregation. It allows remote domains with partial management control to lock up the host via unspecified domctl operations, causing a Denial of Service. The linked advisories indicate the issue is addressed in Xe...
CVE-2015-2751
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service host lock via unspecified domctl operations...
Certain domctl operations may be abused to lock up the host
ISSUE DESCRIPTION XSA-77 put the majority of the domctl operations on a list excepting them from having security advisories issued for them if any effects their use might have could hamper security. Subsequently some of them got declared disaggregation safe, but for a small subset this was not...
xen-kernel -- Certain domctl operations may be abused to lock up the host
The Xen Project reports: XSA-77 put the majority of the domctl operations on a list excepting them from having security advisories issued for them if any effects their use might have could hamper security. Subsequently some of them got declared disaggregation safe, but for a small subset this was...