Sglang
by Lmsys
Source repositories
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3060 | Cri | 0.64 | 9.8 | 0.02 | Mar 12, 2026 | SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication. | |
| CVE-2026-3059 | Cri | 0.64 | 9.8 | 0.02 | Mar 12, 2026 | SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication. |