Security researchers at Oligo Security have uncovered a series of critical Remote Code Execution vulnerabilities affecting widely deployed AI inference servers from major technology companies.
The flaws impact frameworks developed by Meta, NVIDIA, Microsoft, and open-source projects, including vLLM, SGLang, and Modular, potentially exposing enterprise AI infrastructure to serious security risks.
The vulnerabilities stem from a common root cause dubbed ShadowMQ: the unsafe use of ZeroMQ (ZMQ) combined with Python’s pickle deserialization mechanism.
https://cyberpress.org/critical-rce-fla ... rameworks/
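For teams auditing their own inference code for the ZeroMQ-plus-pickle pattern described above, here is a small static check, added as an example and not taken from Oligo's report or from any affected project. It flags pyzmq's `recv_pyobj()` and `loads()` calls from pickle-style modules applied directly to a received frame; the sample source, function names and module list are constructed for illustration.

```python
import ast

# Constructed sample (not taken from any affected project): one worker that
# unpickles frames from a ZeroMQ socket, and one that parses JSON instead.
SAMPLE = '''
import json, pickle, zmq

def unsafe_worker(sock):
    task = sock.recv_pyobj()            # pyzmq helper that unpickles the frame
    meta = pickle.loads(sock.recv())    # the same pattern written out
    return task, meta

def safer_worker(sock):
    return json.loads(sock.recv())      # data-only format
'''

PICKLE_MODULES = {"pickle", "cloudpickle", "dill"}
RECV_METHODS = {"recv", "recv_multipart"}

def _is_pickle_loads(call):
    f = call.func
    return (isinstance(f, ast.Attribute) and f.attr == "loads"
            and isinstance(f.value, ast.Name) and f.value.id in PICKLE_MODULES)

def _reads_socket(expr):
    """True if the expression contains a .recv() or .recv_multipart() call."""
    return any(isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
               and n.func.attr in RECV_METHODS for n in ast.walk(expr))

def find_unsafe_deserialization(source):
    """Return sorted (line, reason) pairs; only direct call patterns are
    matched, data that passes through a variable first is not tracked."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        if isinstance(node.func, ast.Attribute) and node.func.attr == "recv_pyobj":
            findings.append((node.lineno, "recv_pyobj() unpickles network input"))
        elif _is_pickle_loads(node) and any(_reads_socket(a) for a in node.args):
            findings.append((node.lineno, "pickle loads() on a received frame"))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in find_unsafe_deserialization(SAMPLE):
        print(f"line {line}: {reason}")
```

A hit means the process will unpickle whatever a peer sends, so the fix is to move that socket to a data-only encoding such as JSON and to restrict which hosts can reach it.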