Critical Unpatched CVSS 9.8 RCEs in SGLang + Amazon Bedrock AgentCore DNS Exfiltration Disclosed Today
Researchers disclosed two critical unpatched RCEs in SGLang (CVE-2026-3059, CVE-2026-3060, both CVSS 9.8) via unsafe pickle deserialization in ZeroMQ broker and disaggregation module — any SGLang deployment exposing multimodal or disaggregation features is fully exploitable with no authentication. Separately, BeyondTrust revealed Amazon Bedrock AgentCore Code Interpreter's sandbox permits outbound DNS queries, enabling attackers to establish interactive shells and exfiltrate data from inside agent code execution environments. Both disclosures extend the ShadowMQ vulnerability pattern — unsafe ZeroMQ/pickle combos copied across the AI inference stack — which previously hit Meta vLLM (CVE-2025-30165) and NVIDIA TensorRT-LLM (CVE-2025-23254).
↳ Follow the thread