Cyber Posture

CVE-2026-3060

Critical · Public PoC

Published: 12 March 2026
Modified: 07 April 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0184 (83.1st percentile)
Risk Priority: 21 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution: the disaggregation module deserializes untrusted data with pickle.loads() without any authentication.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- prevent: Flaw remediation directly addresses the vulnerability by applying the SGLang v0.5.10 patch that fixes the unsafe pickle.loads() deserialization.
- prevent: Information input validation prevents the disaggregation module from processing malicious serialized data by rejecting or sanitizing untrusted inputs before deserialization.
- prevent: Access enforcement requires authentication before data reaches the disaggregation module, blocking unauthenticated remote exploitation attempts.

Security Summary [AI-generated]

CVE-2026-3060 is an unauthenticated remote code execution vulnerability in SGLang's encoder parallel disaggregation system, specifically within the disaggregation module. The flaw arises from the module deserializing untrusted data using pickle.loads() without any authentication checks, corresponding to CWE-502 (Deserialization of Untrusted Data). Published on 2026-03-12, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker with network access to the affected SGLang deployment can exploit the vulnerability by sending specially crafted serialized data to the disaggregation module. This triggers arbitrary code execution on the server with the privileges of the running process, potentially allowing full system compromise without requiring user interaction or privileges.

Mitigation guidance from available advisories recommends updating to SGLang version v0.5.10, which includes the fix as detailed in the release tag. The patching commit is available in pull request #20904 on the SGLang GitHub repository, and the vulnerable code is visible in encode_receiver.py. Further analysis is provided in the Orca Security blog post on SGLang LLM framework RCE vulnerabilities.

SGLang is an LLM framework, rendering this vulnerability relevant to AI/ML inference serving deployments where disaggregation features are enabled. No public information on real-world exploitation is available in the provided details.
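The two non-patch controls listed above (input validation before deserialization, and authentication before data reaches the module) can be illustrated with a receiver that authenticates a message first and then unpickles it through an allowlist. This is an added example written for this page; it is not SGLang's code and does not reproduce the vulnerable encode_receiver.py. It assumes a shared secret provisioned out of band (SHARED_KEY is a constructed placeholder) and a message layout of a 32-byte HMAC-SHA256 tag followed by the pickled body; both the layout and the helper names are assumptions.

```python
import hashlib
import hmac
import io
import pickle

# Added example, not SGLang's code. SHARED_KEY is a constructed placeholder;
# a real deployment provisions a random per-deployment secret out of band.
SHARED_KEY = b"\x00" * 32
TAG_LEN = hashlib.sha256().digest_size  # 32

# Only plain containers and scalars may be reconstructed. Pickles of these
# types use dedicated opcodes, so find_class is never consulted for them; any
# GLOBAL/STACK_GLOBAL lookup for anything else is refused.
ALLOWED_GLOBALS = {
    ("builtins", name)
    for name in ("dict", "list", "tuple", "set", "frozenset",
                 "str", "bytes", "int", "float", "bool")
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve classes outside an explicit allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def restricted_loads(body: bytes):
    """Input validation: deserialize only allowlisted types (contrast pickle.loads)."""
    return RestrictedUnpickler(io.BytesIO(body)).load()


def seal(obj, key: bytes = SHARED_KEY) -> bytes:
    """Sender side: pickle the object and prepend an HMAC-SHA256 tag over the body."""
    body = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return tag + body


def open_sealed(message: bytes, key: bytes = SHARED_KEY):
    """Receiver side: authenticate first, deserialize second.

    Raises ValueError before any byte of the body reaches the unpickler when
    the tag is missing or wrong, and pickle.UnpicklingError when the body
    names a type outside the allowlist.
    """
    if len(message) < TAG_LEN:
        raise ValueError("message too short to carry an authentication tag")
    tag, body = message[:TAG_LEN], message[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed; body not deserialized")
    return restricted_loads(body)


def classify(message: bytes, key: bytes = SHARED_KEY):
    """Receiver-loop helper: map each outcome to a label a log line can carry."""
    try:
        return "accepted", open_sealed(message, key)
    except ValueError:
        return "auth_failed", None
    except pickle.UnpicklingError:
        return "rejected_type", None


def sealed_foreign_sample() -> bytes:
    """Constructed sample: correctly signed, but the body references
    collections.OrderedDict, which is outside the allowlist."""
    import collections
    return seal(collections.OrderedDict(a=1))


if __name__ == "__main__":
    good = seal({"request_id": 7, "prompt": "hello", "tokens": [1, 2, 3]})
    print(classify(good))
    # Body altered after signing: the tag no longer verifies.
    flipped = good[:-1] + bytes([good[-1] ^ 0x01])
    print(classify(flipped))
    print(classify(sealed_foreign_sample()))
```

The order of the two checks matters: the HMAC comparison runs over the raw bytes and rejects unauthenticated or altered messages without ever constructing an unpickler, so the allowlist is a second layer for traffic that does carry a valid tag. Where the data model permits it, replacing pickle with a schema-validated format such as JSON removes the deserialization sink altogether.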

Details

CWE(s)

CWE-502 (Deserialization of Untrusted Data)

Affected Products

lmsys sglang, versions 0.5.5 through 0.5.9

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability allows unauthenticated remote code execution via deserialization of untrusted data in a network-accessible disaggregation module of a public-facing LLM framework application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References