Platform
python
Component
sglang
Fixed in
0.5.11
0.5.10
CVE-2026-3989 describes an Insecure Deserialization vulnerability found in SGLangs, specifically within the replayrequestdump.py script. This flaw allows an attacker to execute arbitrary code on the system by providing a crafted malicious .pkl file. The vulnerability impacts SGLangs versions 0.5.9 and earlier, and a fix is available in version 0.5.10.
The primary impact of CVE-2026-3989 is remote code execution (RCE). An attacker can craft a malicious pickle file that, when loaded by the vulnerable script, will execute arbitrary commands on the target system. This could lead to complete system compromise, including data theft, malware installation, and denial of service. The scope of the impact depends on the privileges of the user running the replayrequestdump.py script. If run as root or with elevated privileges, the attacker gains significant control over the system. This vulnerability shares similarities with other insecure deserialization flaws where untrusted data is directly deserialized without proper validation, potentially leading to arbitrary code execution.
CVE-2026-3989 was publicly disclosed on 2026-03-12. There is no indication of this vulnerability being actively exploited in the wild at this time. The EPSS score is likely to be medium, given the potential for RCE and the relatively straightforward nature of exploiting insecure deserialization vulnerabilities. No public proof-of-concept (POC) code has been released, but the vulnerability is well-understood, and a POC is likely to emerge if the vulnerability remains unpatched.
Exploit Status
EPSS
0.02% (3% percentile)
CVSS Vector
The primary mitigation for CVE-2026-3989 is to upgrade SGLangs to version 0.5.10 or later, which includes the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. Strictly validate the source of any .pkl files before processing them with replayrequestdump.py. Avoid loading pickle files from untrusted sources entirely. Consider using alternative serialization formats like JSON or YAML, which are generally safer and less prone to arbitrary code execution vulnerabilities. Implement input validation to ensure that the pickle file conforms to expected structure and content.
Update to a patched version of SGLang that implements proper validation and deserialization to prevent malicious code execution via pickle files. See the release notes for more details on the fix.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-3989 is a vulnerability in SGLangs versions ≤0.5.9 that allows an attacker to execute arbitrary code by providing a malicious .pkl file to the replayrequestdump.py script.
You are affected if you are using SGLangs versions 0.5.9 or earlier. Upgrade to version 0.5.10 to resolve the issue.
Upgrade SGLangs to version 0.5.10 or later. As a temporary workaround, strictly validate the source of any .pkl files before processing them.
There is currently no evidence of CVE-2026-3989 being actively exploited in the wild.
Refer to the SGLangs project's official website or repository for the advisory related to CVE-2026-3989.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.