CVE-2026-5760

| EUVD-2026-23860 CRITICAL
2026-04-20 certcc GHSA-2wm4-697g-pfq8
Code Injection RCE Sglang
9.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Apr 20, 2026 - 17:12 vuln.today

DescriptionNVD

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

AnalysisAI

Remote code execution in SGLang 0.5.9's /v1/rerank endpoint allows unauthenticated attackers to execute arbitrary code by loading specially crafted model files with malicious Jinja2 templates. The vulnerability stems from unsandboxed rendering of tokenizer.chat_template fields, enabling template injection attacks. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all SGLang deployments using versions ≤0.5.9 and assess exposure to untrusted model sources; isolate affected instances from production traffic if possible. Within 7 days: Implement network-level controls to restrict access to SGLang /v1/rerank endpoints to trusted internal sources only; disable model loading from untrusted repositories. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-5760 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy