CVE-2026-5760 | THREATINT

Description

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

PUBLISHED Reserved 2026-04-07 | Published 2026-04-20 | Updated 2026-04-29 | Assigner certcc

Problem types

CWE-94: Improper Control of Generation of Code ('Code Injection')

Product status

8f3097e

affected

References

www.kb.cert.org/vuls/id/915947

github.com/Stuub/SGLang-0.5.9-RCE

github.com/sgl-project/sglang/pull/23660

cve.org (CVE-2026-5760)

nvd.nist.gov (CVE-2026-5760)

Download JSON