Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from Vendor (certcc) · only source for this CVE.
CVSS VectorVendor: certcc
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4DescriptionCVE.org
SGLang uses an expert-parallel backup subsystem that exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attacker to provide a malicious pickle file that results in unauthenticated remote code execution when the feature is enabled and the service is reachable over the network.
AnalysisAI
Unauthenticated remote code execution in SGLang (versions 0 through 0.5.14) arises when the expert-parallel backup subsystem binds a ZeroMQ PULL socket to a routable interface without authentication or safe deserialization, letting a network attacker send a crafted pickle payload that executes arbitrary code in the serving process. It affects deployments where the elastic expert-parallel backup feature is enabled and the socket is reachable. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours, inventory all SGLang deployments and identify which systems run versions 0.5.14 or earlier with the expert-parallel backup feature enabled and exposed to network access. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
SGLang's multimodal generation module deserializes untrusted data with pickle.loads() over an unauthenticated ZMQ broker
SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated RCE through pickle deserialization in t
Remote code execution in SGLang 0.5.9's /v1/rerank endpoint allows unauthenticated attackers to execute arbitrary code b
SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that cal
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an atta
Hash collision weaknesses in SGLang's multimodal Cache Handler (all versions through 0.5.11) allow a local low-privilege
Same weakness CWE-502 – Deserialization of Untrusted Data
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44934
GHSA-67x7-pm2x-m2cf