CVE-2026-3060: SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module

Severity: Critical

CVSS Score: 9.8

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.