Security Advisory

CVE-2026-3989

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-12 11:37:48

Last updated 2026-04-07 18:46:48

Assigner certcc

State PUBLISHED

Description

SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.

← Browse all CVEs View on cve.org ↗