A critical remote code execution vulnerability, CVE-2026-5760, has been identified in SGLang, a high-performance serving framework for large language models. With a CVSS score of 9.8, the flaw allows attackers to execute arbitrary code by exploiting a server-side template injection (SSTI) within the /v1/rerank endpoint. This is achieved through a malicious GGUF model file containing a crafted tokenizer.chat_template that bypasses execution controls.
The vulnerability stems from the use of unsandboxed Jinja2 environments, similar to previous high-profile flaws like 'Llama Drama'. To mitigate the risk, security researchers recommend transitioning to the ImmutableSandboxedEnvironment for rendering templates. Currently, no official patch has been released, making it vital for users to verify the provenance of models downloaded from public repositories like Hugging Face before deployment.
Top comments (0)