CVE-2026-7304
SGLangs · Multimodal Generation Runtime
The SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when custom logit processing is enabled, due to unsafe Python object deserialization.
Executive summary
Unsafe deserialization in SGLangs allows unauthenticated attackers to execute arbitrary code remotely, posing a critical threat to server integrity.
Vulnerability
The runtime passes untrusted input to dill.loads() without validation when the --enable-custom-logit-processor option is active. Because deserializing with dill can execute code embedded in the stream, an unauthenticated remote attacker can submit a crafted serialized object and achieve remote code execution.
Business impact
This vulnerability carries a CVSS score of 9.8, reflecting that an unauthenticated attacker can achieve full remote code execution. This could lead to a complete compromise of the host system, theft of sensitive AI models, and potential lateral movement within the environment.
Remediation
Immediate Action: Disable the --enable-custom-logit-processor option unless it is strictly required, and update to the latest patched version.
Proactive Monitoring: Monitor the runtime's processes for unexpected child processes or outbound connections originating from the runtime environment.
Compensating Controls: Deploy a Web Application Firewall (WAF) or Network Intrusion Detection System (NIDS) to inspect and block malicious serialized object payloads.
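As an added example (not SGLangs or dill code) of the pre-filter the compensating control above calls for, the scanner below walks a pickle/dill byte stream with the standard-library pickletools module without loading it and reports every global reference and every opcode that runs code during load, which is what makes the dill.loads() call described under Vulnerability exploitable. The allowlist, the sample request bodies and the demo() helper are constructed for this example.

```python
import pickle
import pickletools

# Constructed policy: the only globals a request body may reference. dill-serialized
# callables reference dill internals and use REDUCE, so they never pass this filter.
ALLOWED_GLOBALS = {"builtins.set"}
EXEC_OPCODES = {"REDUCE", "NEWOBJ", "NEWOBJ_EX", "INST", "OBJ", "BUILD"}  # run code on load
STRING_OPCODES = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
                  "STRING", "SHORT_BINSTRING", "BINSTRING"}
STACK_NEUTRAL_OPCODES = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT", "FRAME"}  # leave the stack alone

def scan_pickle(data: bytes) -> dict:
    """Inspect a pickle/dill byte stream with pickletools WITHOUT loading it."""
    globals_seen, exec_ops, recent_strings = [], [], []
    try:
        ops = list(pickletools.genops(data))
    except Exception as exc:  # truncated, unknown opcode, or not a pickle at all
        return {"malformed": True, "error": str(exc), "globals": [], "exec_ops": []}
    for opcode, arg, _pos in ops:
        name = opcode.name
        if name in STRING_OPCODES:
            recent_strings.append(arg)
            continue
        if name in STACK_NEUTRAL_OPCODES:
            continue
        if name == "GLOBAL":          # protocol < 4: arg is "module name"
            globals_seen.append(arg.replace(" ", ".", 1))
        elif name == "STACK_GLOBAL":  # protocol 4+: module and name are the two strings just pushed
            if len(recent_strings) >= 2:
                globals_seen.append(f"{recent_strings[-2]}.{recent_strings[-1]}")
            else:                     # operands fetched through the memo: refuse to guess
                globals_seen.append("<unresolved>")
        if name in EXEC_OPCODES:
            exec_ops.append(name)
        recent_strings.clear()        # any other opcode ends the run of pushed strings
    return {"malformed": False, "globals": globals_seen, "exec_ops": exec_ops}

def is_safe(data: bytes) -> bool:
    """Fail closed: malformed stream, any exec opcode or any non-allowlisted global rejects."""
    r = scan_pickle(data)
    return not r["malformed"] and not r["exec_ops"] and all(g in ALLOWED_GLOBALS for g in r["globals"])

def demo() -> dict:
    """Scan constructed sample request bodies (not captured traffic)."""
    samples = {
        "plain_config": pickle.dumps({"top_k": 5, "allowed_tokens": [1, 2, 3]}, protocol=4),
        "global_ref": pickle.dumps(len, protocol=4),        # harmless builtin, still a global reference
        "reduce_call": pickle.dumps(range(3), protocol=4),  # rebuilt through REDUCE on load
        "garbage": b"not a pickle",
    }
    return {k: {**scan_pickle(v), "safe": is_safe(v)} for k, v in samples.items()}
```

Opcode-level scanning is defence in depth only: STACK_GLOBAL operand resolution is heuristic (the scanner refuses rather than guesses when operands arrive through the memo), and the sound fix remains the vendor patch plus never handing untrusted data to dill.loads() at all.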
Exploitation status
Public Exploit Available: No