CVE-2026-3059 – SGLang – Critical RCE and Sandbox Escape
“If your AI runtime can be tricked, your infrastructure becomes the payload.”
SGLang patched multiple critical vulnerabilities that allow remote code execution and sandbox escape within its runtime environment. These flaws enable attackers to craft inputs that break isolation controls, execute arbitrary code, and potentially take full control of the underlying system.
CVE-2026-3059 and CVE-2026-3060 each carry a CVSS score of 9.8 (Critical severity); CVE-2026-3989 carries a CVSS score of 7.8 (High severity). Together, these issues create a highly exploitable attack chain, especially in environments where SGLang is exposed to external or untrusted inputs.
Proof-of-concept code is available for all three vulnerabilities, confirming that exploitation is practical and lowering the barrier for attackers. The patch strengthens sandbox enforcement, tightens execution boundaries, and improves input validation to prevent compromise of the runtime.
Key Details
- Affected Product: Lmsys Sglang
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-502 (Deserialization of Untrusted Data)