SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker
Details
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.