VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Critical SGLang vulnerability CVE-2026-5760 (CVSS 9.8): RCE via GGUF model

Критическая уязвимость SGLang CVE-2026-5760 (CVSS 9.8): RCE через GGUF-модель

Colleagues, a critical SGLang vulnerability has been disclosed (CVE-2026-5760, CVSS 9.8) enabling RCE via a malicious GGUF file.

Key facts:
- Affects /v1/rerank: SSTI in tokenizer.chat_template (Jinja2).
- Loading the model and calling rerank can execute arbitrary Python code.
- Discovered by researcher Beck; confirmed by CERT/CC.
- Recommendation: replace jinja2.Environment with ImmutableSandboxedEnvironment and block models from untrusted sources.

Why it matters: code execution on the server compromises ML infrastructure.

How do you restrict loading external models?
#cybersecurity #MLsecurity #SGLang #Jinja2

Latest comments

No comments yet.