ModelTC/LightLLM

GitHub

github.com

Releases3

Frequency3 months 1 week

Last Release 9 months ago

Stars4.09K

LightLLM is a Python-based LLM (Large Language Model) inference and serving framework, notable for its lightweight design, easy scalability, and high-speed performance.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-26220 ↗	Feb 17, 2026Tuesday, 17 February 2026, 03:16	—	—
LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD (prefill-decode) disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames and pass the data directly to pickle.loads() without authentication or validation. A remote attacker who can reach the PD master can send a crafted payload to achieve arbitrary code execution.