Description
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
Published: 2026-03-12
Score: 9.8 Critical
EPSS: 1.2% Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, as it deserializes untrusted data using pickle.loads() without authentication. This flaw is a classic example of the insecure deserialization weakness (CWE-502) and allows an attacker to execute arbitrary code on the system that hosts the SGLang service. The impact is full system compromise, enabling attackers to read, modify, or delete data, or install additional malware.
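The defensive check that the Impact paragraph implies, as an added example that is not SGLang's code: a restricted unpickler that refuses any pickle referencing a global outside a small allowlist, so a message naming a callable is rejected before anything executes. The message shape and the allowlist are assumptions for illustration; for untrusted peers, replacing pickle with a schema-validated format such as JSON is the stronger fix, and this loader is defence in depth.

```python
"""Hardened replacement for a bare pickle.loads() on an untrusted socket.

Added example, not SGLang's code. The message format (a dict with string
keys) and the allowlisted classes are assumptions for illustration.
"""
import io
import os
import pickle

# Only these (module, name) pairs may be resolved by a GLOBAL/STACK_GLOBAL
# opcode. Anything else (os.system, subprocess.Popen, builtins.eval, classes
# with a __reduce__ hook) is refused before any code runs.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves globals only from SAFE_GLOBALS."""

    def find_class(self, module: str, name: str):
        if (module, name) in SAFE_GLOBALS:
            return getattr(__import__(module), name)
        raise pickle.UnpicklingError(
            f"refusing to load global {module}.{name} from untrusted data"
        )


def safe_loads(data: bytes):
    """Drop-in for pickle.loads() on bytes that arrived over the network."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo() -> tuple:
    """Constructed messages standing in for what a broker would receive."""
    benign = pickle.dumps({"request_id": "abc", "prompt": "describe image", "n": 1})
    # A pickle that merely references a callable by name. Nothing executes
    # here, but a loader that resolves arbitrary globals is what turns
    # CWE-502 into code execution, so this shape must be rejected.
    by_reference = pickle.dumps(os.getcwd)
    accepted = safe_loads(benign) == {"request_id": "abc", "prompt": "describe image", "n": 1}
    try:
        safe_loads(by_reference)
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    return accepted, rejected


if __name__ == "__main__":
    print(demo())  # (True, True)
```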

Affected Systems

The vulnerability affects the SGLang framework (vendor: SGLang, product: SGLang). No specific version range is listed in the CNA data, so all installed instances of SGLang that use the multimodal generation module are potentially affected unless the vendor has otherwise specified an exemption.

Risk and Exploitability

The CVSS score is 9.8, indicating critical severity. The EPSS score is below 1%, suggesting low probability of exploitation in the wild, but the lack of a KEV listing does not diminish the need for attention. The flaw can be leveraged over the ZMQ broker without authentication, meaning any user who can send messages to the broker could trigger the deserialization and run arbitrary code. Because the attack requires only network access to the broker, it is considered high-risk for exposed services.

Generated by OpenCVE AI on March 17, 2026 at 17:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official SGLang patch released in the GHSA-3cp7-c6q2-94xr advisory.
  • Restrict network access to the ZMQ broker to trusted hosts or firewall it.
  • If a patch is not yet available, disable the multimodal generation module or the ZMQ broker until an update is applied.


Advisories

Source: Github GHSA
ID: GHSA-rgq9-fqf5-fv58
Title: SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker
History

Tue, 07 Apr 2026 20:45:00 +0000

(no values recorded for this change)
Tue, 17 Mar 2026 14:30:00 +0000

  • First Time appeared (values added): Lmsys, Lmsys sglang
  • CPEs (values added): cpe:2.3:a:lmsys:sglang:*:*:*:*:*:*:*:*
  • Vendors & Products (values added): Lmsys, Lmsys sglang

Fri, 13 Mar 2026 10:00:00 +0000

  • First Time appeared (values added): Sglang, Sglang sglang
  • Vendors & Products (values added): Sglang, Sglang sglang

Thu, 12 Mar 2026 15:15:00 +0000

  • Weaknesses (values added): CWE-502
  • Metrics (values added):
    cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
    ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 12:00:00 +0000

  • Description (values added): SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
  • Title (values added): CVE-2026-3059
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-04-07T18:46:03.195Z

Reserved: 2026-02-23T18:17:22.540Z

Link: CVE-2026-3059

Vulnrichment

Updated: 2026-03-12T14:24:40.482Z

NVD

Status: Modified

Published: 2026-03-12T12:15:59.420

Modified: 2026-04-07T19:16:46.820

Link: CVE-2026-3059

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:49:55Z

Weaknesses