Critical RCE Flaws in AI Inference Engines Expose Meta, Nvidia, and Microsoft Frameworks
Posted: Tue Nov 18, 2025 4:28 am
Security researchers at Oligo Security have uncovered a series of critical Remote Code Execution vulnerabilities affecting widely deployed AI inference servers from major technology companies.
The flaws impact frameworks developed by Meta, NVIDIA, Microsoft, and open-source projects, including vLLM, SGLang, and Modular, potentially exposing enterprise AI infrastructure to serious security risks.
The vulnerabilities stem from a common root cause dubbed ShadowMQ: the unsafe use of ZeroMQ (ZMQ) combined with Python’s pickle deserialization mechanism.
https://cyberpress.org/critical-rce-fla ... rameworks/
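A static check for the ZMQ-plus-pickle pattern named above, as an added example that is not part of the original post or of the researchers' report: it flags pyzmq's `recv_pyobj()`, which unpickles the received frame, and `pickle.loads()` applied to bytes read from a socket. The sample source and the name `find_unsafe_deserialization` are constructed for illustration.

```python
import ast

# Constructed sample of a message loop (not taken from any affected project).
SAMPLE_SOURCE = '''
import pickle, json

def worker(sock):
    task = sock.recv_pyobj()
    raw = sock.recv()
    cfg = pickle.loads(raw)
    frame = sock.recv_multipart()[0]
    meta = json.loads(frame)
    return task, cfg, meta
'''

RECV_METHODS = {"recv", "recv_multipart"}

def _is_recv_call(expr):
    """True for sock.recv(...) or sock.recv_multipart(...)[i]."""
    while isinstance(expr, ast.Subscript):
        expr = expr.value
    return (isinstance(expr, ast.Call)
            and isinstance(expr.func, ast.Attribute)
            and expr.func.attr in RECV_METHODS)

def find_unsafe_deserialization(source):
    """Return sorted (line, kind) pairs for pickle-based decoding of socket input."""
    tree = ast.parse(source)
    # Pass 1: names bound directly to bytes read from a socket.
    tainted = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _is_recv_call(node.value):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
    # Pass 2: flag calls that unpickle that input.
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        func = node.func
        if func.attr == "recv_pyobj":  # pyzmq helper: recv() followed by pickle.loads()
            findings.append((node.lineno, "recv_pyobj"))
        elif (func.attr == "loads" and isinstance(func.value, ast.Name)
              and func.value.id == "pickle" and node.args):
            arg = node.args[0]
            if _is_recv_call(arg) or (isinstance(arg, ast.Name) and arg.id in tainted):
                findings.append((node.lineno, "pickle.loads"))
    return sorted(findings)
```

The taint tracking is deliberately shallow (direct assignments only), so a clean result is not proof that a code base is free of the pattern.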