CVE-2026-3060
SGLang · SGLang
SGLang's encoder parallel disaggregation system allows unauthenticated remote code execution through insecure deserialization in the disaggregation module.
Executive summary
An unauthenticated remote code execution vulnerability exists in the SGLang disaggregation module, posing a critical risk to AI processing environments.
Vulnerability
The disaggregation module in the SGLang encoder parallel system calls pickle.loads() on data received from the network without any authentication. Because unpickling can resolve and invoke arbitrary Python callables, a remote attacker who can reach the service can execute arbitrary code by sending a specially crafted pickle payload.
Business impact
This flaw carries a CVSS score of 9.8, indicating near-maximum severity. An attacker can gain full control over the AI encoder systems, leading to the compromise of proprietary models, sensitive training data, and the underlying server infrastructure, and resulting in significant operational disruption.
Remediation
Immediate Action: Apply the vendor-provided update to SGLang immediately to patch the insecure disaggregation module.
Proactive Monitoring: Review system logs for Python-related execution errors or unexpected outbound connections from the SGLang service.
Compensating Controls: Utilize a Web Application Firewall (WAF) or deep packet inspection to block unauthorized ZMQ or disaggregation-related traffic at the perimeter.
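The following is an added example, not code from SGLang or from this advisory, illustrating the vulnerable pattern named above and two defensive patterns that support the remediation and monitoring items: an opcode pre-scan with pickletools that can be logged on and used to drop messages without executing them, and a restricted unpickler that only resolves globals on an explicit allowlist. The allowlist contents, the message layout, and the helper names (triage, code_capable_opcodes, restricted_loads) are assumptions made for the example; the sample payloads are constructed locally and the "forbidden" one merely references a harmless standard-library class.

```python
"""Added example: pickle.loads() on untrusted bytes versus two defensive patterns."""
import collections
import io
import pickle
import pickletools

# Opcodes that can import a callable or invoke one while the stream is loaded.
# A plain data payload (dicts, lists, strings, numbers) never needs any of them.
CODE_CAPABLE_OPCODES = {
    "GLOBAL", "STACK_GLOBAL",        # import module.attr
    "REDUCE", "INST", "OBJ",         # call a callable with arguments
    "NEWOBJ", "NEWOBJ_EX", "BUILD",  # construct objects / run __setstate__
}

# Assumed allowlist for the restricted loader; a real deployment would list
# exactly the types its own messages are expected to contain.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


def unsafe_loads(payload: bytes):
    """The vulnerable pattern: deserialize whatever arrived on the socket."""
    return pickle.loads(payload)


def code_capable_opcodes(payload: bytes) -> list:
    """Scan the pickle stream WITHOUT executing it and list risky opcodes.

    Suitable as a detection hook (log and drop) in front of any unpickler.
    Malformed or truncated streams raise ValueError from pickletools.
    """
    return [op.name for op, _arg, _pos in pickletools.genops(payload)
            if op.name in CODE_CAPABLE_OPCODES]


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals present on an explicit allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name}")


def restricted_loads(payload: bytes):
    """Load a payload, refusing any global outside ALLOWED_GLOBALS."""
    return RestrictedUnpickler(io.BytesIO(payload)).load()


def triage(payload: bytes) -> dict:
    """Return a log-friendly verdict for one inbound message."""
    try:
        risky = code_capable_opcodes(payload)
    except ValueError as exc:
        return {"verdict": "malformed", "reason": str(exc)}
    if not risky:
        return {"verdict": "plain-data", "opcodes": []}
    try:
        restricted_loads(payload)
    except pickle.UnpicklingError as exc:
        return {"verdict": "rejected", "opcodes": risky, "reason": str(exc)}
    return {"verdict": "allowlisted", "opcodes": risky}


# Constructed sample messages (not captured from SGLang traffic).
PLAIN_DATA = pickle.dumps({"req_id": 7, "tokens": [1, 2, 3]}, protocol=4)
ALLOWED_TYPE = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
# A stream that only references a class outside the allowlist; it carries no
# harmful behaviour but exercises the same global-resolution machinery.
FORBIDDEN_REF = pickle.dumps(collections.deque, protocol=4)

if __name__ == "__main__":
    for label, msg in [("plain", PLAIN_DATA), ("allowed", ALLOWED_TYPE),
                       ("forbidden", FORBIDDEN_REF)]:
        print(label, triage(msg))
```

The opcode scan is the stricter control: it flags any stream that could run code, including legitimate messages that pickle custom types, so it fits best as a monitoring signal or as a hard gate for endpoints that should only ever carry plain data. The allowlisting unpickler is the flexible control for services that genuinely need richer types. Neither replaces the vendor patch or network isolation of the disaggregation endpoints; an unauthenticated peer should not be able to reach a deserializer at all.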
Exploitation status
Public Exploit Available: No
Analyst recommendation
The unauthenticated nature of this RCE makes it an urgent security concern. We strongly recommend that all users of SGLang update their installations immediately and ensure that disaggregation modules are not exposed to untrusted networks.