CVE-2026-3059: SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker

Severity: Critical

CVSS Score: 9.8

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.