{"id":"CVE-2026-3059","summary":"CVE-2026-3059","details":"SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.","aliases":["GHSA-3cp7-c6q2-94xr","GHSA-rgq9-fqf5-fv58","PYSEC-2026-539"],"modified":"2026-07-08T08:12:26.152282368Z","published":"2026-03-12T11:37:25.713Z","database_specific":{"cna_assigner":"certcc","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/3xxx/CVE-2026-3059.json"},"references":[{"type":"WEB","url":"https://github.com/sgl-project/sglang/blob/main/python/sglang/multimodal_gen/runtime/scheduler_client.py"},{"type":"WEB","url":"https://github.com/sgl-project/sglang/releases/tag/v0.5.10"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/3xxx/CVE-2026-3059.json"},{"type":"ADVISORY","url":"https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3059"},{"type":"FIX","url":"https://github.com/sgl-project/sglang/pull/20904"},{"type":"ARTICLE","url":"https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sgl-project/sglang","events":[{"introduced":"0c006b8809cd99e1f95926401a2823dd952641c8"},{"fixed":"1519acf37c23f2189adb93f57ca9cd2db1bebf18"}],"database_specific":{"source":["CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:lmsys:sglang:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0.5.5"},{"last_affected":"0.5.9"}]}}],"versions":["0.5.10","gateway-v0.3.1","gateway-v0.3.0","v0.5.6.post2","gateway-v0.2.4","v0.5.6.post1","v0.5.6","v0.5.5","v0.5.5.post3","gateway-v0.2.3","v0.5.5.post2","v0.5.5.post1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3059.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}