Back to CVE List

CVE-2026-14890

Vulnerability Description

SGLang uses an expert-parallel backup subsystem that exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attacker to provide a malicious pickle file that results in unauthenticated remote code execution when the feature is enabled and the service is reachable over the network.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
SGLang
Product
SGLang

External References

Discussion (0)

Add Comment

No comments yet. Be the first!