CVE-2026-26220
published 2026-02-17


Priority: P2 (68) · Severity: critical · CVSS 4.0 base score: 9.3
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics not defined: E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS: 0.66% (47.1th percentile)
LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD (prefill-decode) disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames and pass the data directly to pickle.loads() without authentication or validation. A remote attacker who can reach the PD master can send a crafted payload to achieve arbitrary code execution.

Affected (1 range)

Vendor: modeltc
Product: lightllm
Version range: <= 1.1.0
Fixed in: none listed

Detection & IOCs

Indicator (other): pickle.loads() called on unauthenticated WebSocket binary frames
  • Monitor for unauthenticated WebSocket connections to LightLLM PD master node endpoints receiving binary frames — these may carry malicious pickle payloads for RCE.
  • Detect LightLLM running in PD (prefill-decode) disaggregation mode as an attack surface; any external network access to the PD master node should be treated as high-risk.
  • No fix is available as of the publication date (Feb 17, 2026); LightLLM 1.1.0 and all prior versions are affected with no patch released.
  • The vulnerability is only exploitable when LightLLM is deployed in PD disaggregation mode; standard deployments not using this mode may not expose the vulnerable WebSocket endpoints.
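The two defects named above (no authentication before deserialization, and pickle.loads() accepting arbitrary object references) can each be closed independently. The following is an added example written for this record; it is not LightLLM's code and does not reflect how the PD master frames its messages. It assumes a hypothetical wire format of a 32-byte HMAC-SHA256 tag followed by the pickle body, a pre-shared key, and the function names seal_frame, handle_frame and safe_loads. The Unpickler subclass follows the find_class restriction pattern from the Python pickle documentation: pure-data pickles (dicts, lists, strings, bytes, numbers) still load, while any pickle that names a module-level class or function is refused, which is the property every pickle-based RCE payload depends on.

```python
"""Hardened handling of binary WebSocket frames that carry pickles.

Added example, not LightLLM code. Wire format (assumed): tag(32) || body.
"""
import hmac
import io
import pickle
from typing import Any

TAG_LEN = 32  # HMAC-SHA256 digest length; assumed frame layout


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every GLOBAL / STACK_GLOBAL reference.

    Data-only pickles load normally; anything that tries to resolve
    module.name (os.system, subprocess.Popen, a class __reduce__ ...)
    raises before any object is constructed.
    """

    def find_class(self, module: str, name: str) -> Any:
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from an untrusted frame"
        )


def safe_loads(data: bytes) -> Any:
    """Drop-in for pickle.loads() that cannot import or call anything."""
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def seal_frame(key: bytes, body: bytes) -> bytes:
    """Sender side of the assumed format: prepend an HMAC tag to the body."""
    return hmac.new(key, body, "sha256").digest() + body


def handle_frame(key: bytes, frame: bytes) -> tuple[str, Any]:
    """Receiver side: authenticate first, deserialize second, never the reverse.

    Returns ("ok", payload) or ("rejected", reason). Unauthenticated bytes
    never reach the unpickler at all, so a forged frame is rejected by the
    cheap HMAC check rather than by the deserializer.
    """
    if len(frame) < TAG_LEN:
        return ("rejected", "frame too short to carry an auth tag")
    tag, body = frame[:TAG_LEN], frame[TAG_LEN:]
    expected = hmac.new(key, body, "sha256").digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return ("rejected", "bad auth tag")
    try:
        return ("ok", safe_loads(body))
    except Exception as exc:  # UnpicklingError, EOFError, truncated opcodes ...
        return ("rejected", f"unsafe or malformed pickle: {exc}")


def demo() -> dict:
    """Runs the three cases a reviewer checks; all inputs are constructed here."""
    import collections

    key = b"\x01" * 32  # constructed demo key, not a real secret
    data_only = pickle.dumps({"prompt_id": 7, "tokens": [1, 2, 3]})
    # OrderedDict pickles via __reduce__, so loading it must call find_class
    with_global = pickle.dumps(collections.OrderedDict(a=1))
    return {
        "authed_data": handle_frame(key, seal_frame(key, data_only)),
        "unauthed": handle_frame(key, data_only)[0],
        "authed_but_global": handle_frame(key, seal_frame(key, with_global))[0],
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The authentication gate is the more important of the two layers: with it in place, an attacker who can merely reach the PD master cannot get bytes into the deserializer at all. The restricted unpickler is defence in depth for the case where a key leaks or a peer is compromised; it still accepts arbitrarily large data-only structures, so a frame size limit belongs in front of it, and replacing pickle with a schema-validated format such as JSON or protobuf for cross-node messages removes the problem class entirely.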