CRITICAL 9.8

PYSEC-2026-537

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module

Details

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / sglang

Introduced in: 0 Fixed in: 0.5.10

Fix pip install --upgrade 'sglang>=0.5.10'

References

https://nvd.nist.gov/vuln/detail/CVE-2026-3060 [ADVISORY]
https://github.com/sgl-project/sglang/pull/20904 [WEB]
https://github.com/sgl-project/sglang [PACKAGE]
https://github.com/sgl-project/sglang/blob/main/python/sglang/srt/disaggregation/encode_receiver.py [WEB]
https://github.com/sgl-project/sglang/releases/tag/v0.5.10 [WEB]
https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities [WEB]
https://pypi.org/project/sglang [PACKAGE]
https://github.com/advisories/GHSA-jx93-g359-86wm [ADVISORY]