← volver
CVE-2026-3060

CVE-2026-3060

CVSS 9.8 CRITICALEPSS 1.2%CWE-502
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.8EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
12 mar 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
SGLang · SGLang

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/sgl-project/sglang/blob/main/python/sglang/srt/disaggregation/encode_receiver.pyhttps://github.com/sgl-project/sglang/pull/20904https://github.com/sgl-project/sglang/releases/tag/v0.5.10https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/