{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3059", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-02-23T18:17:22.540Z", "datePublished": "2026-03-12T11:37:25.713Z", "dateUpdated": "2026-04-07T18:46:03.195Z"}, "containers": {"cna": {"title": "CVE-2026-3059", "descriptions": [{"lang": "en", "value": "SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "SGLang", "product": "SGLang", "versions": [{"status": "affected", "version": "0.5.10"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-502: Deserialization of Untrusted Data"}]}], "references": [{"url": "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr"}, {"url": "https://github.com/sgl-project/sglang/blob/main/python/sglang/multimodal_gen/runtime/scheduler_client.py"}, {"url": "https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/"}, {"url": "https://github.com/sgl-project/sglang/pull/20904"}, {"url": "https://github.com/sgl-project/sglang/releases/tag/v0.5.10"}], "x_generator": {"engine": "VINCE 3.0.35", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-3059"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-04-07T18:46:03.195Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T14:26:09.705237Z", "id": "CVE-2026-3059", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:26:54.065Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3059", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T14:26:09.705237Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:24:40.482Z"}}], "cna": {"title": "CVE-2026-3059", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "SGLang", "product": "SGLang", "versions": [{"status": "affected", "version": "0.5.10"}]}], "references": [{"url": "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr"}, {"url": "https://github.com/sgl-project/sglang/blob/main/python/sglang/multimodal_gen/runtime/scheduler_client.py"}, {"url": "https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/"}, {"url": "https://github.com/sgl-project/sglang/pull/20904"}, {"url": "https://github.com/sgl-project/sglang/releases/tag/v0.5.10"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.35", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-3059"}, "descriptions": [{"lang": "en", "value": "SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-502: Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-04-07T18:46:03.195Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3059", "state": "PUBLISHED", "dateUpdated": "2026-04-07T18:46:03.195Z", "dateReserved": "2026-02-23T18:17:22.540Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-03-12T11:37:25.713Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lmsys:sglang:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E8F6412-A923-42B6-8A44-ABE6009333E3", "versionEndIncluding": "0.5.9", "versionStartIncluding": "0.5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication."}, {"lang": "es", "value": "El m\u00f3dulo de generaci\u00f3n multimodal de SGLang es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo sin autenticaci\u00f3n a trav\u00e9s del br\u00f3ker ZMQ, que deserializa datos no confiables utilizando pickle.loads() sin autenticaci\u00f3n."}], "id": "CVE-2026-3059", "lastModified": "2026-04-07T19:16:46.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-12T12:15:59.420", "references": [{"source": "cret@cert.org", "tags": ["Product"], "url": "https://github.com/sgl-project/sglang/blob/main/python/sglang/multimodal_gen/runtime/scheduler_client.py"}, {"source": "cret@cert.org", "url": "https://github.com/sgl-project/sglang/pull/20904"}, {"source": "cret@cert.org", "url": "https://github.com/sgl-project/sglang/releases/tag/v0.5.10"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://github.com/sgl-project/sglang/security/advisories/GHSA-3cp7-c6q2-94xr"}, {"source": "cret@cert.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.5.5,0.5.9]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "sglang", "vendor": "sglang"}], "analysis": {"en": {"generated_at": "2026-03-17T17:02:14.976288+00:00", "value": {"mitigation_remediation": ["Apply the official SGLang patch released in the GHSA-3cp7-c6q2-94xr advisory.", "Restrict network access to the ZMQ broker to trusted hosts or firewall it.", "If a patch is not yet available, disable the multimodal generation module or the ZMQ broker until an update is applied."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the SGLang framework (vendor: SGLang, product: SGLang). No specific version range is listed in the CNA data, so all installed instances of SGLang that use the multimodal generation module are potentially affected unless the vendor has otherwise specified an exemption.", "description_and_impact": "SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, as it deserializes untrusted data using pickle.loads() without authentication. This flaw is a classic example of the insecure deserialization weakness (CWE-502) and allows an attacker to execute arbitrary code on the system that hosts the SGLang service. The impact is full system compromise, enabling attackers to read, modify, or delete data, or install additional malware.", "risk_and_exploitability": "The CVSS score is 9.8, indicating critical severity. The EPSS score is below 1%, suggesting low probability of exploitation in the wild, but the lack of a KEV listing does not diminish the need for attention. The flaw can be leveraged over the ZMQ broker without authentication, meaning any user who can send messages to the broker could trigger the deserialization and run arbitrary code. Because the attack requires only network access to the broker, it is considered high-risk for exposed services."}}}}, "created": "2026-03-13T09:53:18.952852+00:00", "title": "Unauthenticated Remote Code Execution in SGLang Multimodal Generation Module via Unsecured ZMQ Broker", "updated": "2026-03-20T15:49:55.799609+00:00", "vendors": ["sglang", "sglang$PRODUCT$sglang"]}