Vulnerabilities

CVE-2026-5760

by Fred · 20/04/2026

SGLang’s reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

More information : https://github.com/Stuub/SGLang-0.5.9-RCE

Similar

Tags: Cybersecurity Alert