Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 16 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-502 | |
| Metrics |
cvssV3_1
|
Thu, 16 Jul 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Sglang
Sglang sglang |
|
| Vendors & Products |
Sglang
Sglang sglang |
Thu, 16 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SGLang uses an expert-parallel backup subsystem that exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attacker to provide a malicious pickle file that results in unauthenticated remote code execution when the feature is enabled and the service is reachable over the network. | |
| Title | CVE-2026-14890 | |
| References |
|
Status: PUBLISHED
Assigner: certcc
Published:
Updated: 2026-07-16T18:23:35.561Z
Reserved: 2026-07-06T17:51:01.634Z
Link: CVE-2026-14890
Updated: 2026-07-16T16:29:23.722Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-16T17:00:02Z