Critical severity9.8NVD Advisory· Published Mar 12, 2026· Updated Apr 7, 2026

CVE-2026-3060

Description

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
sglangPyPI	< 0.5.10	0.5.10

Affected products

Lmsys/Sglang
cpe:2.3:a:lmsys:sglang:*:*:*:*:*:*:*:*
Range: >=0.5.5,<=0.5.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/nvdExploitMitigationThird Party Advisory
github.com/advisories/GHSA-jx93-g359-86wmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2026-3060ghsaADVISORY
github.com/sgl-project/sglang/blob/main/python/sglang/srt/disaggregation/encode_receiver.pynvdProductWEB
github.com/sgl-project/sglang/pull/20904nvdWEB
github.com/sgl-project/sglang/releases/tag/v0.5.10nvdWEB
orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilitiesghsaWEB

News mentions

⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
The Hacker News · Apr 27, 2026
Building the foundation for running extra-large language models
Cloudflare Blog · Apr 16, 2026

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000