CVE-2026-14890
Vulnerability Description
SGLang uses an expert-parallel backup subsystem that exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attacker to provide a malicious pickle file that results in unauthenticated remote code execution when the feature is enabled and the service is reachable over the network.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
SGLang
Product
SGLang
Discussion (0)
Add Comment
No comments yet. Be the first!