Critical SGLang vulnerability CVE-2026-5760 (CVSS 9.8): RCE via GGUF model

Colleagues, a critical SGLang vulnerability has been disclosed (CVE-2026-5760, CVSS 9.8) enabling RCE via a malicious GGUF file.
Key facts:
- Affects /v1/rerank: SSTI in tokenizer.chat_template (Jinja2).
- Loading the model and calling rerank can execute arbitrary Python code.
- Discovered by researcher Beck; confirmed by CERT/CC.
- Recommendation: replace jinja2.Environment with ImmutableSandboxedEnvironment and block models from untrusted sources.
Why it matters: code execution on the server compromises ML infrastructure.
How do you restrict loading external models?
#cybersecurity #MLsecurity #SGLang #Jinja2


Latest comments
No comments yet.