A critical security vulnerability, tracked as CVE-2026-5760, has been discovered in SGLang, a high-performance serving framework for large language models. With a CVSS score of 9.8, this flaw allows for remote code execution (RCE) through the /v1/rerank endpoint. The vulnerability arises from the insecure use of the Jinja2 rendering engine without proper sandboxing, specifically when processing malicious model files.
Attackers can exploit this by creating malicious GPT-Generated Unified Format (GGUF) model files containing a Server-Side Template Injection (SSTI) payload within the tokenizer.chat_template parameter. When a victim loads the model and accesses the vulnerable endpoint, the malicious code executes in the context of the SGLang service. Security experts recommend switching to ImmutableSandboxedEnvironment to mitigate this threat, as no official patch was confirmed during the initial coordination process.
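The recommended mitigation, shown as an added example (this is not SGLang's code or a patch from the project): the same template text is rendered once with a plain Jinja2 Environment and once with ImmutableSandboxedEnvironment. The sample templates, the context variables query, document and history, and the helper function names are assumptions made for illustration; the probes are harmless and only show that the sandbox refuses access to object internals and to mutation of its inputs.

```python
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import ImmutableSandboxedEnvironment

# Constructed samples standing in for a tokenizer.chat_template value.
BENIGN_TEMPLATE = "Query: {{ query }}\nDocument: {{ document }}"
# Harmless probes: a legitimate chat template never needs either operation.
DUNDER_PROBE = "{{ query.__class__.__name__ }}"      # reaches into Python internals
MUTATION_PROBE = "{{ history.append('injected') }}"  # modifies caller-owned data


def sample_context():
    """Constructed render context (hypothetical variable names)."""
    return {
        "query": "what is GGUF?",
        "document": "GGUF is a model file format.",
        "history": [],
    }


def render_unsandboxed(template_text, **context):
    """Weak pattern: a plain Environment exposes object internals to the template."""
    return Environment().from_string(template_text).render(**context)


def render_sandboxed(template_text, **context):
    """Hardened pattern: unsafe attribute access and mutation raise SecurityError."""
    env = ImmutableSandboxedEnvironment()
    return env.from_string(template_text).render(**context)


def audit_template(template_text, **context):
    """Return (True, output) if the template renders inside the sandbox,
    or (False, reason) if the sandbox rejected an operation."""
    try:
        return True, render_sandboxed(template_text, **context)
    except SecurityError as exc:
        return False, str(exc)


if __name__ == "__main__":
    for name, text in [("benign", BENIGN_TEMPLATE),
                       ("dunder probe", DUNDER_PROBE),
                       ("mutation probe", MUTATION_PROBE)]:
        ok, detail = audit_template(text, **sample_context())
        print(f"{name}: {'rendered' if ok else 'blocked'} -> {detail!r}")
```

A rejected template is also worth logging as a signal that the loaded model file should be treated as untrusted.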