The SGLang multimodal generation module is susceptible to a critical unauthenticated remote code execution vulnerability due to insecure deserialization of untrusted data.

This vulnerability occurs in the ZMQ broker of the multimodal generation module, which uses pickle.loads() to deserialize data without authentication. An unauthenticated remote attacker can send a crafted payload to trigger arbitrary code execution.

A successful exploit allows a completely unauthenticated attacker to execute code on the server hosting the SGLang module. Given the CVSS score of 9.8, this poses a severe risk to AI infrastructure, potentially leading to data theft, model manipulation, or the use of the server for further attacks into the corporate network.

Immediate Action: Update SGLang to the latest version that replaces insecure deserialization methods with secure alternatives.

Proactive Monitoring: Monitor network traffic for unusual ZMQ protocol activity and inspect logs for unauthorized connections to the generation module ports.

Compensating Controls: Implement network-level access controls to ensure the ZMQ broker is only accessible from trusted internal IP addresses and is not exposed to the public internet.

Public Exploit Available: No

This is a critical vulnerability that must be addressed immediately. Organizations using SGLang for multimodal AI generation should apply the latest security updates and restrict network access to the vulnerable module to prevent unauthenticated remote exploitation.