← voltar
CVE-2026-3060

CVE-2026-3060

CVSS 9.8 CRITICALEPSS 1.2%CWE-502
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.8EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
12 mar 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
SGLang · SGLang

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/sgl-project/sglang/blob/main/python/sglang/srt/disaggregation/encode_receiver.pyhttps://github.com/sgl-project/sglang/pull/20904https://github.com/sgl-project/sglang/releases/tag/v0.5.10https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/