CVE-2026-3989
Our Analysis: esv
Our model has classified this vulnerability as relevant to esv Systems, helping your team prioritize efforts effectively.
Published Date
March 12, 2026
Last Modified
March 12, 2026
CVSS Vector
Not Available
Description
SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.