External risk intelligence

SGLang Expert-Parallel Backup RCE via Unauthenticated ZeroMQ Socket.

CVE advisorySeverity: CRITICAL (CVSS 9.1)

CVE-2026-14890

The vulnerability involves a ZeroMQ PULL socket used for expert-parallel backup subsystems in SGLang. While it is network-reachable when the feature is enabled, this type of service is typically intended for internal cluster communication or backend data synchronization rather than direct public internet exposure. Public reachability depends on specific, non-standard network configuration choices.

Deserialization

Halo Surface Signal: 3 out of 5 — possibly public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A security vulnerability has been identified in SGLang's expert-parallel backup subsystem, which uses a network-accessible component without proper safeguards. This could allow an unauthorized party to execute malicious code remotely if the feature is active and the service is exposed on the network. The main concern is confirming if this specific feature is enabled and accessible within your environment.

  • Unprotected system feature allows remote code execution.
  • Critical issue if enabled and network-exposed.
  • Confirm SGLang feature usage and network exposure.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by sending a specially crafted pickle file over the network to a reachable SGLang instance. This happens when the expert-parallel backup subsystem is active and the ZeroMQ PULL socket, which lacks authentication and input validation, receives the malicious data. Successful exploitation allows for unauthenticated remote code execution.

  • Network access to the service is required.
  • A malicious pickle file sent to the backup subsystem triggers it.
  • Risk of unauthenticated remote code execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on a system running SGLang when its expert-parallel backup feature is enabled and exposed on a network interface. The attacker could send a malicious pickle file, leading to code execution without proper authentication or data deserialization checks.

  • System code execution.
  • Malicious pickle file over network.
  • Unauthenticated remote code execution.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in SGLang's backup subsystem requires a coordinated response, likely involving platform or infrastructure teams responsible for managing SGLang deployments and network/security teams to assess external exposure. The first practical step is to identify all instances of SGLang, confirm if the expert-parallel backup feature is enabled, and determine network reachability. Once identified, the accountable owner must be found to assess business criticality and plan remediation based on risk.

  • Identify SGLang instances and owners.
  • Verify backup feature and network exposure.
  • Plan risk-based remediation and vendor coordination.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is SGLang and its expert-parallel backup subsystem?

SGLang is a software framework designed for high-speed structured generation of large language models. The expert-parallel backup subsystem is a specialized component used within certain deployments to handle data synchronization or redundancy between different processing experts. It relies on internal communication channels to ensure state is maintained across the distributed architecture during complex machine learning tasks.

What does CWE-502 mean for CVE-2026-14890?

CWE-502 refers to Deserialization of Untrusted Data. In the context of CVE-2026-14890, this means the software automatically processes data sent to it without verifying if the information is safe. Because the system uses a format known as 'pickle' to handle objects, an attacker can craft a malicious file that tricks the software into running arbitrary code on the host machine the moment it tries to read the input.

How can an attacker trigger this vulnerability?

An attacker triggers this flaw by sending a specifically formatted pickle file to the ZeroMQ PULL socket used by the backup subsystem. Critically, this only functions if the expert-parallel backup feature is actively enabled in the SGLang configuration. If the feature is disabled, or if the socket is not accepting network connections, the vulnerability cannot be triggered through this path.

Is my network setup at risk according to Halo Surface Signal?

Halo Surface Signal indicates that while the service is network-reachable when the feature is active, it is typically designed for internal cluster communication rather than public access. You are at higher risk if your specific network configuration has inadvertently exposed this internal socket to the internet. If the service is restricted to an isolated backend network, the potential for unauthorized access is significantly reduced.

What steps should I take to respond to this CVE?

First, inventory your systems to locate all active SGLang instances. Check your configuration files to determine if the expert-parallel backup feature is enabled. If it is, verify your network access controls to ensure the ZeroMQ socket is not reachable from untrusted networks. Coordinate with your infrastructure teams to confirm that only authorized internal components can communicate with these backup subsystems until a formal update or mitigation is applied.

References