SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

2026-04-20

1 min read

by info@thehackernews.com (The Hacker News)

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

CVE-2026-5760 is a critical vulnerability in SGLang that enables remote code execution through malicious GGUF model files.

•CVSS score of 9.8 affecting the /v1/rerank endpoint in SGLang's LLM serving framework
•Vulnerability exploits unsandboxed jinja2.Environment() allowing Jinja2 Server-Side Template Injection (SSTI) attacks
•Attack creates malicious GGUF model with crafted tokenizer.chat_template parameter containing SSTI payload
•When victim loads the model and requests hit /v1/rerank, arbitrary Python code executes on the server
•Mitigation requires using ImmutableSandboxedEnvironment instead of jinja2.Environment() for template rendering

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Related Articles