3 matches found
CVE-2026-3989
SGLang's replayrequestdump.py contains an insecure pickle.load call that lacks validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...
Picklescan is missing detection when calling built-in Python ensurepip._run_pip
Summary: Using the ensurepip._run_pip function, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the ensurepip._run_pip function in the __reduce__ method. Then when the victim after...
A vulnerability in the pickle.load() function in Manuscript software, related to the deserialization of untrusted data, allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability in the pickle.load function in software for manuscript writers involves the deserialization of untrusted data. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, compromise its integrity, and even cause service failures...