
60 matches found

NVD
added 2026/05/18 12:16 p.m., 8 views

CVE-2026-7301

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...

CVSS 9.8, EPSS 0.0006
Exploits 0, References 2
CVE
added 2026/05/18 10:38 a.m., 21 views

CVE-2026-7301

CVE-2026-7301 affects the SGLang multicast/multimodal generation runtime (sglang). The vulnerability stems from the ROUTER socket binding to 0.0.0.0 by default and a sink that calls pickle.loads() on incoming messages, enabling remote code execution when exposed to the internet. Affected componen...

CVSS 9.8, AI score 5.8, EPSS 0.0006
Exploits 0, References 2, Affected Software 1
CNNVD
added 2026/05/18 12:00 a.m., 5 views

sglang code issue vulnerability

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has code vulnerabilities; one of these vulnerabilities stems from the fact that the ROUTER socket, which handles multi-modal generation during runtime scheduling, is...

CVSS 9.8, AI score 6.5, EPSS 0.0006
Exploits 0, References 1
CNNVD
added 2026/05/04 12:00 a.m., 4 views

MindsDB input validation error vulnerability

MindsDB is a joint query engine designed by MindsDB Corporation, specifically for AI agents and large language models. It can handle questions related to PB-level enterprise data. MindsDB versions 26.01 and earlier contained a vulnerability related to input validation errors. This vulnerability...

CVSS 6.5, AI score 6.7, EPSS 0.00017
Exploits 0, References 2
Vulnrichment
added 2026/05/03 11:45 p.m., 1 view

CVE-2026-7712 MindsDB Pickle pickle.loads deserialization

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...

CVSS 6.5, AI score 6.1, EPSS 0.00017
Exploits 0, References 4
Cvelist
added 2026/05/03 11:45 p.m., 28 views

CVE-2026-7712 MindsDB Pickle pickle.loads deserialization

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...

CVSS 6.5, EPSS 0.00017
Exploits 0, References 4
Positive Technologies
added 2026/05/03 12:00 a.m., 3 views

PT-2026-36729

Name of the Vulnerable Software and Affected Versions: MindsDB versions prior to 26.01. Description: A remote deserialization issue exists in the Pickle Handler component. The flaw occurs within the pickle.loads function, allowing an attacker to execute a manipulation that leads to insecure...

CVSS 6.5, AI score 6.7, EPSS 0.00017
Exploits 0, References 7
CVE
added 2026/04/23 9:24 p.m., 8 views

CVE-2026-26210

KTransformers (versions up to 0.5.3) contains an unsafe deserialization vulnerability in the balance_serve backend. The scheduler RPC server binds a ZMQ ROUTER socket to all interfaces without authentication and deserializes incoming messages with pickle.loads() without validation, enabling an at...

CVSS 9.8, AI score 6.2, EPSS 0.00162
Exploits 1, References 3, Affected Software 1
NVD
added 2026/04/23 8:16 p.m., 2 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

CVSS 9.8, EPSS 0.0022
Exploits 1, References 5
CNNVD
added 2026/04/23 12:00 a.m., 4 views

lerobot code issue vulnerability

LeRobot is an open-source robot programming library from Hugging Face. Versions of LeRobot prior to 0.5.1 had code vulnerabilities. These vulnerabilities stemmed from unsafe deserialization in the asynchronous inference pipeline. The pickle.loads function was used to deserialize data received throug...

CVSS 9.8, AI score 6.4, EPSS 0.0022
Exploits 1, References 1
Positive Technologies
added 2026/04/23 12:00 a.m., 3 views

PT-2026-34741

Name of the Vulnerable Software and Affected Versions: LeRobot versions prior to 0.6.0. Description: An unsafe deserialization issue exists in the asynchronous inference pipeline of the LeRobot robotics platform. The software uses the pickle.loads function to deserialize data received over...

CVSS 10, AI score 6.6, EPSS 0.0022
Exploits 1, References 48
SUSE CVE
added 2026/03/24 12:24 a.m., 2 views

SUSE CVE-2026-33155

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have...

CVSS 7.5, AI score 5.8, EPSS 0.00026
Exploits 1, References 4
Github Security Blog
added 2026/03/12 12:30 p.m., 3 views

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

CVSS 9.8, AI score 6.3, EPSS 0.01945
Exploits 1, References 7, Affected Software 1
Github Security Blog
added 2026/03/12 12:30 p.m., 1 view

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

CVSS 9.8, AI score 6.3, EPSS 0.01945
Exploits 1, References 6, Affected Software 1
EUVD
added 2026/03/12 12:30 p.m., 2 views

EUVD-2026-11559

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

CVSS 9.8, AI score 6.3, EPSS 0.01945
Exploits 1, References 3
Positive Technologies
added 2026/03/12 12:00 a.m., 3 views

PT-2026-24942

Name of the Vulnerable Software and Affected Versions: SGLang, affected versions not specified. Description: The SGLang encoder parallel disaggregation system is susceptible to unauthenticated remote code execution. This occurs through the disaggregation module, which uses pickle.loads to...

CVSS 9.8, AI score 7.5, EPSS 0.01945
Exploits 1, References 15
Github Security Blog
added 2026/03/04 9:30 p.m., 4 views

Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked

Assessment: The missing pickle entrypoints pickle.loads, _pickle.loads, and pickle.load were added to the hook in https://github.com/trailofbits/fickling/commit/8c24c6edabceab156cfd41f4d70b650e1cdad1f7. Original report summary: fickling.always_check_safety does not hook all pickle entry points...

AI score 6.1
Exploits 0, References 4, Affected Software 1
OSV
added 2026/03/04 9:30 p.m., 2 views

GHSA-WCCX-J62J-R448 Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked

Assessment: The missing pickle entrypoints pickle.loads, _pickle.loads, and pickle.load were added to the hook in https://github.com/trailofbits/fickling/commit/8c24c6edabceab156cfd41f4d70b650e1cdad1f7. Original report summary: fickling.always_check_safety does not hook all pickle entry points...

CVSS 9.3, AI score 6.1
Exploits 0, References 4
RedhatCVE
added 2026/03/04 1:57 a.m., 3 views

CVE-2025-57622

An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api, /caption-api, feature = pickle.loads(request.get_data()) component...

CVSS 9.8, AI score 6.3, EPSS 0.00485
Exploits 0, References 1
NVD
added 2026/03/03 3:16 p.m., 1 view

CVE-2025-57622

An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api, /caption-api, feature = pickle.loads(request.get_data()) component...

CVSS 9.8, EPSS 0.00485
Exploits 0, References 2