PyPI: sglang
CVE-2026-3989
Safety vulnerability ID: SFTY-20260312-70919
Safety legacy ID: pyup.io-89029
Overview
SGLang's `replay_request_dump.py` contains an insecure `pickle.load()` call without validation and proper deserialization.
Advisory
Affected versions of the sglang package are vulnerable to Deserialization of Untrusted Data due to unsafe loading of attacker-controlled pickle files. Specifically, the scripts/playground/replay_request_dump.py script uses pickle.load() on .pkl input without validating that the deserialized content is safe or expected, allowing arbitrary Python objects to be reconstructed.
How to Fix
Mitigation and Workarounds
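One way to avoid the unvalidated `pickle.load()` pattern described in this advisory is an allowlisting unpickler. This is an added example, not code from the advisory or from the sglang project; the names `AllowlistUnpickler`, `safe_load`, `try_load` and `ALLOWED_GLOBALS` are hypothetical, and it assumes a replayed dump only needs primitives and built-in containers.

```python
import io
import pickle

# Assumption: globals a replayed dump may legitimately reference. Empty means
# only primitives and built-in containers (dict, list, str, int, ...) load.
ALLOWED_GLOBALS = frozenset()  # e.g. frozenset({("collections", "OrderedDict")})


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not explicitly allowlisted."""

    def __init__(self, file, allowed=ALLOWED_GLOBALS):
        super().__init__(file)
        self._allowed = allowed

    def find_class(self, module, name):
        # Called for every global reference in the stream, i.e. every class
        # or callable the pickle wants imported before it can be invoked.
        if (module, name) in self._allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data, allowed=ALLOWED_GLOBALS):
    """Deserialize bytes, rejecting references outside the allowlist."""
    return AllowlistUnpickler(io.BytesIO(data), allowed).load()


def try_load(data, allowed=ALLOWED_GLOBALS):
    """Return (ok, value_or_reason) instead of raising, for logging."""
    try:
        return True, safe_load(data, allowed)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample inputs (not real sglang dumps).
PLAIN_DUMP = pickle.dumps({"text": "hello", "sampling_params": {"temperature": 0.0}})
GLOBAL_REF_DUMP = pickle.dumps(len)  # harmless, but references builtins.len

if __name__ == "__main__":
    print(try_load(PLAIN_DUMP))       # plain data loads
    print(try_load(GLOBAL_REF_DUMP))  # global reference is refused
```

An allowlist only helps if every allowlisted global is itself safe to construct; a data-only format such as JSON removes the problem entirely where the dump contents permit it.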
---
References
- https://getsafety.com/vulnerabilities/SFTY-20260312-70919/CVE-2026-3989
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3989
- https://github.com/advisories/GHSA-hvwj-8w5g-28rg
- https://nvd.nist.gov/vuln/detail/CVE-2026-3989
- https://github.com/sgl-project/sglang/blob/main/scripts/playground/replay_request_dump.py
- https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities
