CVE-2026-5760

SGLang · SGLang

The SGLang reranking endpoint is vulnerable to Remote Code Execution (RCE) due to unsandboxed rendering of malicious Jinja2 chat templates.

Executive summary

A critical remote code execution vulnerability in SGLang allows attackers to execute arbitrary code via malicious model tokenizer templates.

Vulnerability

The vulnerability resides in the /v1/rerank endpoint, where an attacker can supply a malicious tokenizer.chat_template. Because the endpoint renders these templates with an unsandboxed jinja2.Environment(), template expressions can reach arbitrary attributes of the Python objects passed into the template context, which is what makes arbitrary code execution possible. A sandboxed Jinja2 environment refuses that kind of attribute access.
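The following added example (not SGLang's code) contrasts the pattern the advisory describes with the hardened form: an unsandboxed jinja2.Environment() lets a template read underscore-prefixed attributes of its inputs, while jinja2's ImmutableSandboxedEnvironment refuses them, and StrictUndefined turns that refusal into a raised SecurityError the service can log. The chat templates and messages are constructed samples, and the function names are this example's own.

```python
from jinja2 import Environment, StrictUndefined
from jinja2.exceptions import SecurityError
from jinja2.sandbox import ImmutableSandboxedEnvironment

# Constructed sample in the style of a tokenizer.chat_template.
SAFE_CHAT_TEMPLATE = (
    "{% for m in messages %}"
    "<|{{ m['role'] }}|>{{ m['content'] }}<|end|>\n"
    "{% endfor %}"
)

# Constructed template that reads a dunder attribute of its input; the sandbox
# treats every underscore-prefixed attribute as unsafe.
PROBING_CHAT_TEMPLATE = "{{ messages.__class__ }}"

# Constructed sample request body.
SAMPLE_MESSAGES = [
    {"role": "user", "content": "Rank these passages."},
    {"role": "assistant", "content": "Passage 2 is most relevant."},
]


def render_unsandboxed(template_src: str, messages: list) -> str:
    """The vulnerable pattern: a plain Environment applies no attribute policy."""
    env = Environment(undefined=StrictUndefined)
    return env.from_string(template_src).render(messages=messages)


def render_chat_template(template_src: str, messages: list) -> str:
    """The hardened pattern: ImmutableSandboxedEnvironment rejects unsafe
    attribute access, and StrictUndefined makes the rejection raise
    SecurityError instead of rendering an empty string."""
    env = ImmutableSandboxedEnvironment(undefined=StrictUndefined)
    return env.from_string(template_src).render(messages=messages)


def template_is_renderable(template_src: str, messages: list) -> bool:
    """True if the template renders inside the sandbox, False if it is refused."""
    try:
        render_chat_template(template_src, messages)
        return True
    except SecurityError:
        return False


if __name__ == "__main__":
    print(render_chat_template(SAFE_CHAT_TEMPLATE, SAMPLE_MESSAGES))
    print("probe refused by sandbox:",
          not template_is_renderable(PROBING_CHAT_TEMPLATE, SAMPLE_MESSAGES))
```

A legitimate chat template renders identically in both environments; only templates that reach outside the intended data model are affected by the sandbox.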

Business impact

The potential for Remote Code Execution represents a critical risk, as it allows unauthorized actors to gain full control over the host server. Given the CVSS score of 9.8, this vulnerability could lead to total data compromise, lateral movement within the network, and significant operational disruption.

Remediation

Immediate Action: Identify all instances of SGLang in the environment and update to the latest patched version provided by the vendor.

Proactive Monitoring: Monitor server logs for unusual process execution patterns or unexpected outbound network traffic originating from the SGLang service.

Compensating Controls: Implement strict input validation on all API endpoints and ensure that the service runs with the least privilege necessary to limit the impact of a potential compromise.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability is highly severe and requires immediate attention to prevent unauthorized system access. Administrators should prioritize identifying vulnerable deployments and applying updates as soon as the vendor makes them available.