9.3
LightLLM versions 1.1.0 and prior allow unauthorized code to run on a server
CVE-2026-26220
Summary
An attacker can send malicious data to the LightLLM server and run arbitrary code without needing a password or permission. This could allow them to access or modify sensitive information, or even take control of the server. Update to the latest version to fix this issue.
Original title
LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD (prefill-decode) disaggregation mode. The PD master node exposes WebSocket endpoints that recei...
Original description
LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD (prefill-decode) disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames and pass the data directly to pickle.loads() without authentication or validation. A remote attacker who can reach the PD master can send a crafted payload to achieve arbitrary code execution.
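As an added defender-side illustration (not LightLLM code; the handler names and the sample frames are constructed here), the following contrasts the pickle.loads() pattern the description names with a hardened handler that statically scans a received frame for code-bearing opcodes and then loads it with an Unpickler that refuses every global lookup. It narrows what a frame can reconstruct to plain data; it does not replace authenticating the PD master's WebSocket peers.

```python
import collections
import io
import pickle
import pickletools

# Opcodes that import or call an object. Any of them lets a crafted frame run
# code on load, which is the CWE-502 pattern described in the advisory.
CODE_OPCODES = frozenset({"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "REDUCE",
                          "BUILD", "NEWOBJ", "NEWOBJ_EX"})

def scan_frame(data: bytes) -> set:
    """Walk the opcode stream statically (nothing is executed) and return the
    dangerous opcodes present; useful as a gate and for detection logging."""
    return {op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in CODE_OPCODES}

class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only primitives and plain containers
    (dict, list, tuple, str, bytes, int, ...) can be reconstructed."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")

def vulnerable_handle(frame: bytes):
    """The pattern the advisory describes: peer bytes straight into
    pickle.loads(). Shown for contrast only; never call it on peer data."""
    return pickle.loads(frame)

def hardened_handle(frame: bytes):
    """Gate on the static scan, then load with the restricted unpickler."""
    bad = scan_frame(frame)
    if bad:
        raise pickle.UnpicklingError(f"frame rejected, opcodes {sorted(bad)}")
    return RestrictedUnpickler(io.BytesIO(frame)).load()

def triage(frame: bytes) -> str:
    """Return 'accepted' or 'rejected: <reason>' for one received frame."""
    try:
        hardened_handle(frame)
        return "accepted"
    except (pickle.UnpicklingError, ValueError, EOFError) as exc:
        return f"rejected: {exc}"

# Constructed sample frames (not captured LightLLM traffic): a plain dict
# message, and one carrying a benign global (collections.OrderedDict) to show
# that any class reference is caught before it can be resolved.
BENIGN_FRAME = pickle.dumps({"req_id": 7, "tokens": [1, 2, 3]}, protocol=4)
GLOBAL_FRAME = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
```

Logging the opcode set from `scan_frame` on rejected frames gives a concrete detection signal for a PD master that is being probed.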
NVD CVSS 4.0: 9.3
Vulnerability type
CWE-502: Deserialization of Untrusted Data
- https://chocapikk.com/posts/2026/lightllm-pickle-rce/
- https://github.com/ModelTC/LightLLM/issues/1213
- https://github.com/ModelTC/lightllm/blob/a27dfc88c2144ed51a6e160b6fbe20aad66c8fe...
- https://github.com/ModelTC/lightllm/blob/a27dfc88c2144ed51a6e160b6fbe20aad66c8fe...
- https://lightllm-en.readthedocs.io/en/latest/index.html
- https://www.vulncheck.com/advisories/lightllm-pd-mode-unsafe-deserialization-rce
Published: 17 Feb 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026