MAL-2026-5124 Malicious code in @chat-template/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90c0b7addd5c00b1a582b2097be6020f543e892e5189b58bd0ba94d94e1e5056 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @chat-template/auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90c0b7addd5c00b1a582b2097be6020f543e892e5189b58bd0ba94d94e1e5056 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-5760

SGLang's reranking endpoint /v1/rerank achieves Remote Code Execution RCE when a model file containing a malcious tokenizer.chattemplate is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment...

Arbitrary Code Injection

Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the reranking endpoint when a model file containing a malicious tokenizer.chattemplate is loaded, due to...

CVE-2026-5760

SGLang's reranking endpoint /v1/rerank achieves Remote Code Execution RCE when a model file containing a malcious tokenizer.chattemplate is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment...

CVE-2026-5760

Summary of CVE-2026-5760 (SGLang) : Affected: SGLang’s reranking endpoint at /v1/rerank. Root cause: rendering Jinja2 templates with an unsandboxed environment (jinja2.Environment) during processing of a malicious tokenizer.chat_template embedded in a GGUF model file. Impact: remote code executio...

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has a security vulnerability. This vulnerability arises from loading model files that contain malicious tokenizer/chattemplate components. As a result, the Jinja2 chat...

SGLang is vulnerable to remote code execution when rendering chat templates from a model file

Overview A remote code execution vulnerability has been discovered in the SGLang project, specifically in the reranking endpoint /v1/rerank. A CVE has been assigned to track the vulnerability; CVE-2026-5760. An attacker can create a malicious model for SGLang to achieve RCE. Successful exploitati...

CVE-2023-49214

Usedesk before 1.7.57 allows chat template injection...

Denial Of Service (DoS)

vllm is vulnerable to Denial Of Service DoS. The vulnerability is due to unrestricted Jinja template injection through the chattemplate and chattemplatekwargs parameters, where crafted templates can trigger unbounded loops or heavy rendering operations, and attackers can exploit this to exhaust C...

CVE-2025-62426

A vulnerability in vLLM allows an authenticated user to trigger unintended tokenization during chat template processing by supplying crafted chattemplatekwargs to the /v1/chat/completions or /tokenize endpoints. By forcing the server to tokenize very large inputs, an attacker can block the API...

CVE-2025-62426

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the...

CVE-2025-62426

Summary: CVE-2025-62426 affects vLLM up to versions before 0.11.1. The /v1/chat/completions and /tokenize endpoints accept a chat_template_kwargs parameter that is used before validation, allowing an attacker to block the API server by forcing large tokenization tasks and delaying all other reque...

CVE-2025-62426 vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the...

vLLM 安全漏洞

vLLM is a high throughput and memory efficient inference and service engine for LLM from vLLM open source. A security vulnerability exists in vLLM version 0.5.5 through versions prior to 0.11.1, which stems from insufficient validation of the chattemplatekwargs parameter, and may result in API...

vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

Summary The /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chattemplatekwargs parameters, it is possible to block processing of the API server for long...

Allocation of Resources Without Limits or Throttling

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the applyhfchattemplate method. An authenticated user can cause the server to become...

GHSA-69J4-GRXJ-J64P vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

Summary The /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chattemplatekwargs parameters, it is possible to block processing of the API server for long...

PT-2025-47650

Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.11.0 Description vLLM is an inference and serving engine for large language models LLMs. The /v1/chat/completions and /tokenize API endpoints accept a chat template kwargs request parameter that is not properly...

vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server

Summary A resource-exhaustion denial-of-service vulnerability exists in multiple endpoints of the OpenAI-Compatible Server due to the ability to specify Jinja templates via the chattemplate and chattemplatekwargs parameters. If an attacker can supply these parameters to the API, they can cause a...