7.8
SGLang's replay_request_dump.py allows attackers to execute arbitrary code
CVE-2026-3989
GHSA-hvwj-8w5g-28rg
Summary
The SGLang `replay_request_dump.py` script loads dump files with `pickle.load()` without validating them, so an attacker who supplies a malicious `.pkl` file can make the script run attacker-controlled code. This could allow an attacker to take control of the device running the script. Users should update to a fixed version of the script or add proper validation of the files it loads to prevent this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | sglang | <= 0.5.9 | – |
Original title
SGLang's `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization
Original description
SGLang's `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script.
Vulnerability type
CWE-502
Deserialization of Untrusted Data
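The following is an added example, not code from SGLang or from the advisory, illustrating the CWE-502 pattern described above and two defensive measures a maintainer or operator can apply. `load_dump_unsafe` reproduces the described pattern (a dump file handed straight to `pickle.load()`); `load_dump_safe` replaces it with a restricted `Unpickler` whose `find_class` refuses every global lookup, which is enough for request dumps built from plain containers and scalars; `pickle_global_refs` lists, via `pickletools`, the global references a file would resolve without executing it, so an operator can screen existing dump files. All function names and the sample dumps are constructed for this example; the script's real loader is not shown on the page.

```python
import collections
import io
import pickle
import pickletools


def load_dump_unsafe(data: bytes):
    """The unsafe pattern from the advisory (constructed here, not SGLang's code):
    any object reference embedded in the file is resolved, and its callable run,
    while the file is being loaded."""
    return pickle.load(io.BytesIO(data))


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup.

    Request dumps made of dicts, lists, strings and numbers are encoded without
    any global reference, so a GLOBAL/STACK_GLOBAL opcode means the file is not
    a benign dump and loading stops before anything is resolved.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from request dump"
        )


def load_dump_safe(data: bytes):
    """Hardened replacement for pickle.load() on an untrusted dump."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def check_dump(data: bytes) -> bool:
    """True if the dump loads under the restricted unpickler, False otherwise."""
    try:
        load_dump_safe(data)
        return True
    except pickle.UnpicklingError:
        return False


def pickle_global_refs(data: bytes) -> list:
    """Static scan: list the 'module.name' globals a pickle would resolve on load,
    without executing it. GLOBAL carries both names in its operand; STACK_GLOBAL
    (protocol 4+) takes them from the two most recent string operands. This is a
    screening heuristic for plain dumps; operands fetched from the memo are not
    followed."""
    refs = []
    recent_strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            refs.append(arg.replace(" ", ".", 1))
        elif op.name == "STACK_GLOBAL":
            refs.append(f"{recent_strings[-2]}.{recent_strings[-1]}")
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            recent_strings.append(arg)
    return refs


# Constructed sample inputs. BENIGN_DUMP is what a request dump of plain data
# looks like; GLOBAL_REF_DUMP carries a reference to an importable callable,
# with the harmless collections.OrderedDict standing in for whatever reference
# an attacker might embed.
BENIGN_DUMP = pickle.dumps({"prompt": "hello", "max_tokens": 16, "stop": ["\n"]})
GLOBAL_REF_DUMP = pickle.dumps(collections.OrderedDict(prompt="hello"))


if __name__ == "__main__":
    print("benign dump loads safely:", check_dump(BENIGN_DUMP))
    print("global refs in benign dump:", pickle_global_refs(BENIGN_DUMP))
    print("global refs in suspicious dump:", pickle_global_refs(GLOBAL_REF_DUMP))
    print("suspicious dump loads safely:", check_dump(GLOBAL_REF_DUMP))
```

Rejecting all globals is the right default for a replay script whose inputs are meant to be data only; if a dump legitimately needs a few classes, `find_class` should compare `(module, name)` against a short allowlist and still raise for everything else. The static scan is useful as a pre-check on files already on disk, but only the restricted unpickler guarantees nothing unexpected is resolved during the load itself.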
- https://github.com/sgl-project/sglang/blob/main/scripts/playground/replay_reques...
- https://orca.security/resources/blog/sglang-llm-framework-rce-vulnerabilities/
- https://nvd.nist.gov/vuln/detail/CVE-2026-3989
- https://github.com/advisories/GHSA-hvwj-8w5g-28rg
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026