HIGH · CVE-2026-3989 · CVSS 7.8

CVE-2026-3989: Insecure Deserialization in SGLang

Platform

python

Component

sglang

Fixed in

0.5.11

0.5.10

AI Confidence: high · NVD · EPSS 0.0% · Reviewed: May 2026

CVE-2026-3989 describes an insecure deserialization vulnerability in SGLang, specifically in the replayrequestdump.py script. The flaw allows an attacker to execute arbitrary code on the system by supplying a crafted malicious .pkl file. It affects SGLang versions 0.5.9 and earlier; a fix is available in version 0.5.10.


Impact and Attack Scenarios

The primary impact of CVE-2026-3989 is remote code execution (RCE). An attacker can craft a malicious pickle file that, when loaded by the vulnerable script, will execute arbitrary commands on the target system. This could lead to complete system compromise, including data theft, malware installation, and denial of service. The scope of the impact depends on the privileges of the user running the replayrequestdump.py script. If run as root or with elevated privileges, the attacker gains significant control over the system. This vulnerability shares similarities with other insecure deserialization flaws where untrusted data is directly deserialized without proper validation, potentially leading to arbitrary code execution.

Exploitation Context

CVE-2026-3989 was publicly disclosed on 2026-03-12. There is no indication of this vulnerability being actively exploited in the wild at this time. The EPSS score is likely to be medium, given the potential for RCE and the relatively straightforward nature of exploiting insecure deserialization vulnerabilities. No public proof-of-concept (POC) code has been released, but the vulnerability is well-understood, and a POC is likely to emerge if the vulnerability remains unpatched.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: Low
Reports: 1 threat report

EPSS

0.02% (3% percentile)

CVSS Vector

CVSS 3.1 vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base score: 7.8 (HIGH)

Attack Vector: Local (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (authentication level needed to attack)
User Interaction: Required (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)

Source: nextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Local — attacker needs a local shell or interactive session on the system.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Component: sglang
Vendor: osv
Affected range: 0.5.10 – 0.5.10
Fixed in: 0.5.11, 0.5.10

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Patched 25 days after disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2026-3989 is to upgrade SGLang to version 0.5.10 or later, which includes the fix for this vulnerability. If upgrading is not immediately feasible, consider temporary workarounds: strictly validate the source of any .pkl file before processing it with replayrequestdump.py, and avoid loading pickle files from untrusted sources entirely. Consider alternative serialization formats such as JSON or YAML, which are generally safer and less prone to arbitrary code execution. Implement input validation to ensure that a pickle file conforms to the expected structure and content before it is used.
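One way to implement the "validate structure and content" workaround for a pickle-based dump is to gate which globals the unpickler may resolve, since that resolution is what turns a pickle into code execution. This is an added example written for this page, not SGLang's code or its actual fix; the allowlist and the dump layout (a plain dict of request fields) are assumptions.

```python
import collections
import io
import pickle

# Hypothetical allowlist of (module, name) globals a request dump may
# reference. Plain dicts, lists and strings need no globals at all, so a
# dump that is really just request fields never triggers find_class().
SAFE_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "set"),
    ("builtins", "frozenset"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not on the allowlist.

    Code execution via pickle comes from GLOBAL/STACK_GLOBAL resolving a
    callable that a later REDUCE opcode invokes; find_class() is the hook
    where that resolution happens, so rejecting here blocks the call.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"forbidden global {module}.{name} in request dump")


def load_request_dump(data: bytes):
    """Deserialize a dump, raising UnpicklingError on any foreign global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_safe_dump(data: bytes) -> bool:
    """True if the dump loads under the restricted unpickler."""
    try:
        load_request_dump(data)
        return True
    except pickle.UnpicklingError:
        return False


def sample_benign_dump() -> bytes:
    # Constructed sample: request fields only, no class references.
    return pickle.dumps({"prompt": "hi", "max_new_tokens": 8, "stop": ["\n"]})


def sample_foreign_class_dump() -> bytes:
    # Constructed sample: a harmless stdlib class not on the allowlist,
    # which still needs a GLOBAL lookup and is therefore rejected.
    return pickle.dumps(collections.OrderedDict(a=1))
```

Anything that pickles through a class reference, including a legitimate one, must be added to SAFE_GLOBALS explicitly; the failure mode is a loud UnpicklingError rather than silent execution.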

How to fix

Update to a patched version of SGLang that implements proper validation and deserialization to prevent malicious code execution via pickle files. See the release notes for more details on the fix.


Frequently asked questions

What is CVE-2026-3989 — Insecure Deserialization in SGLang?

CVE-2026-3989 is a vulnerability in SGLang versions ≤0.5.9 that allows an attacker to execute arbitrary code by providing a malicious .pkl file to the replayrequestdump.py script.

Am I affected by CVE-2026-3989 in SGLang?

You are affected if you are using SGLang version 0.5.9 or earlier. Upgrade to version 0.5.10 to resolve the issue.

How do I fix CVE-2026-3989 in SGLang?

Upgrade SGLang to version 0.5.10 or later. As a temporary workaround, strictly validate the source of any .pkl file before processing it.

Is CVE-2026-3989 being actively exploited?

There is currently no evidence of CVE-2026-3989 being actively exploited in the wild.

Where can I find the official SGLang advisory for CVE-2026-3989?

Refer to the SGLang project's official website or repository for the advisory related to CVE-2026-3989.
