PYSEC-2026-536

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/sglang/PYSEC-2026-536.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-536
Aliases
Published
2026-06-29T11:50:49.817132Z
Modified
2026-06-29T12:15:09.697551012Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SGLang: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket
Details

The ROUTER socket of SGLang's multimodal generation runtime scheduler binds to 0.0.0.0 by default, and its message sink calls pickle.loads() on incoming messages. Because pickle deserialization executes arbitrary code embedded in the payload, anyone who can reach the socket (for example, when it is exposed to the internet) can achieve remote code execution.

References

Affected packages

PyPI / sglang

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.5.5
Last affected
0.5.12

Affected versions

0.*
0.5.5
0.5.5.post1
0.5.5.post2
0.5.5.post3
0.5.6
0.5.6.post1
0.5.6.post2
0.5.7
0.5.8
0.5.8.post1
0.5.9
0.5.10rc0
0.5.10
0.5.10.post1
0.5.11
0.5.12

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/sglang/PYSEC-2026-536.yaml"