CVE-2026-3989

Description

SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.

PUBLISHED Reserved 2026-03-11 | Published 2026-03-12 | Updated 2026-04-07 | Assigner certcc

Problem types

CWE-502: Deserialization of Untrusted Data

Product status

References

github.com/...main/scripts/playground/replay_request_dump.py

orca.security/...g/sglang-llm-framework-rce-vulnerabilities/

github.com/sgl-project/sglang/releases/tag/v0.5.10

github.com/sgl-project/sglang/pull/20904

cve.org (CVE-2026-3989)

nvd.nist.gov (CVE-2026-3989)

Download JSON