6 matches found
CVE-2026-5760
SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment...
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection...
CVE-2026-5760
SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment...
PT-2026-33769
Name of the Vulnerable Software and Affected Versions: SGLang (affected versions not specified). Description: An issue in the '/v1/rerank' endpoint allows remote code execution when a model file containing a malicious tokenizer.chat_template is loaded. This occurs because Jinja2 chat templates are...
SGLang is vulnerable to remote code execution when rendering chat templates from a model file
Overview: A remote code execution vulnerability has been discovered in the SGLang project, specifically in the reranking endpoint /v1/rerank. A CVE has been assigned to track the vulnerability: CVE-2026-5760. An attacker can create a malicious model for SGLang to achieve RCE. Successful exploitati...
Exploit for CVE-2026-5760
SGLang SSTI to RCE PoC — Unsandboxed Jinja2 Chat Template Rend...