CVE-2026-5760
SGLang · SGLang
The SGLang reranking endpoint is vulnerable to Remote Code Execution (RCE) due to unsandboxed rendering of malicious Jinja2 chat templates.
Executive summary
A critical remote code execution vulnerability in SGLang allows an attacker who controls a model's tokenizer chat template to execute arbitrary code on the serving host.
Vulnerability
The vulnerability resides in the /v1/rerank endpoint, which renders the model's tokenizer.chat_template (the template loaded from the model's tokenizer configuration) with a plain jinja2.Environment() rather than a sandboxed one. Jinja2's default environment gives a template full attribute and item access on the Python objects it is handed, so a malicious chat_template can walk from any value in the render context, or from a built-in Jinja2 global, through dunder attributes to the interpreter's internals and call arbitrary Python code. Because the endpoint renders the template while serving a request, that code runs with the privileges of the SGLang server process.
Business impact
Remote code execution in the inference process is a critical risk: the attacker gains the privileges of the SGLang service account on the serving host, and from there whatever that host can reach. Given the CVSS score of 9.8, this vulnerability could lead to total compromise of the data the service handles, lateral movement within the network and significant operational disruption.
Remediation
Immediate Action: Identify all SGLang deployments in the environment, note which of them expose /v1/rerank, and update them to a patched release as soon as the vendor publishes one.
Proactive Monitoring: A shell or network utility (sh, bash, curl, wget) spawned by an SGLang worker, or an outbound connection from the service to a destination outside its expected set, is a strong indicator of exploitation. Alert on both (for example from auditd execve records or an EDR process tree) rather than relying on after-the-fact log review.
Compensating Controls: Because the template comes from the model, treat model artefacts as untrusted input: only serve models from trusted sources and review the chat_template in tokenizer_config.json before loading it. Restrict network access to the API, and to /v1/rerank in particular, to trusted callers. Run the service under a dedicated low-privilege account so that a compromise of the process does not become a compromise of the host. Where the deployment's own code renders chat templates, the standard mitigation for this bug class is jinja2.sandbox.ImmutableSandboxedEnvironment, which blocks the attribute traversal that turns a template into code execution.
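As an added example (not SGLang's code), the following model-intake check scans the chat_template in a model's tokenizer_config.json for constructs that an unsandboxed jinja2.Environment would evaluate but that a chat template never needs. It illustrates both the traversal mechanism described under Vulnerability and the review step in Compensating Controls. The file layout it parses (chat_template as a single string or as a list of name/template entries) follows the Hugging Face tokenizer_config.json convention; the two sample configurations and the payload inside them are constructed for this example. A denylist of this kind is a triage aid and can be evaded, so it complements, and does not replace, sandboxed rendering.

```python
"""Pre-load check for the Jinja2 chat template shipped in a model's tokenizer_config.json.

Added example for this advisory, not SGLang code. Flags template constructs that have
no legitimate use in chat formatting but that an unsandboxed jinja2.Environment would
evaluate. It is a triage aid for model intake, not a substitute for sandboxed rendering.
"""
from __future__ import annotations

import json
import re

# Jinja2 resolves attribute and item access on Python objects, so a template can hop
# from any value it is given (or from a built-in global such as cycler) through dunder
# attributes to the interpreter's internals.
DUNDER = re.compile(r"__[A-Za-z][A-Za-z0-9_]*__")
# The attr filter builds the attribute name from a runtime string, which is how a
# template hides a dunder lookup from a literal-string scan.
ATTR_FILTER = re.compile(r"\|\s*attr\s*\(")
# Backslash escapes inside a string literal ('\x5f\x5fclass...') are another way to
# spell a dunder without writing the underscores.
ESCAPED_STRING = re.compile(r"""(['"])[^'"]*\\[xu0-7][^'"]*\1""")
# Chat templates format messages; they never need these Jinja2 globals, which are the
# usual starting point for template-injection payloads. (namespace() is deliberately
# not listed: real templates use it for loop-carried state.)
PIVOT_GLOBALS = re.compile(r"\b(cycler|joiner|lipsum)\b")


def find_suspicious(template: str) -> list[str]:
    """Return one finding per suspicious construct in the template text."""
    findings: list[str] = []
    for m in DUNDER.finditer(template):
        findings.append(f"dunder attribute access: {m.group(0)}")
    if ATTR_FILTER.search(template):
        findings.append("attr filter (runtime attribute lookup)")
    if ESCAPED_STRING.search(template):
        findings.append("backslash-escaped string literal")
    for m in PIVOT_GLOBALS.finditer(template):
        findings.append(f"unneeded Jinja2 global: {m.group(0)}")
    return findings


def templates_from_config(config_json: str) -> dict[str, str]:
    """Extract every chat template from tokenizer_config.json content.

    chat_template is either one string or a list of {"name": ..., "template": ...}
    entries, the multi-template form Hugging Face tokenizers accept.
    """
    cfg = json.loads(config_json)
    raw = cfg.get("chat_template")
    if raw is None:
        return {}
    if isinstance(raw, str):
        return {"default": raw}
    return {entry["name"]: entry["template"] for entry in raw}


def check_tokenizer_config(config_json: str) -> dict[str, list[str]]:
    """Map each template name to its findings; an empty dict means nothing was flagged."""
    return {
        name: found
        for name, tmpl in templates_from_config(config_json).items()
        if (found := find_suspicious(tmpl))
    }


# Constructed sample: an ordinary ChatML-style template.
CHATML_TEMPLATE = (
    "{% for message in messages %}"
    "<|im_start|>{{ message['role'] }}\n{{ message['content'] }}<|im_end|>\n"
    "{% endfor %}"
    "{% if add_generation_prompt %}<|im_start|>assistant\n{% endif %}"
)
BENIGN_CONFIG = json.dumps({"bos_token": "<s>", "chat_template": CHATML_TEMPLATE})

# Constructed sample: a tampered model whose second template is a generic Jinja2
# injection payload that walks cycler.__init__.__globals__ to reach os.popen.
TAMPERED_CONFIG = json.dumps({
    "bos_token": "<s>",
    "chat_template": [
        {"name": "default", "template": CHATML_TEMPLATE},
        {"name": "tool_use",
         "template": "{{ cycler.__init__.__globals__['os'].popen('id').read() }}"},
    ],
})

if __name__ == "__main__":
    for label, cfg in (("benign", BENIGN_CONFIG), ("tampered", TAMPERED_CONFIG)):
        print(label, check_tokenizer_config(cfg) or "clean")
```

Run the check at model-intake time, before the model is placed where the serving stack can load it, and treat any finding as a reason to inspect the template by hand: the regexes flag the common spellings of a traversal, but a determined author can still build an attribute name in ways the scan does not anticipate.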
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability is highly severe and requires immediate attention to prevent unauthorized system access. Administrators should prioritize identifying vulnerable deployments and applying updates as soon as the vendor makes them available, and until then restrict which models the service will load and who can reach its API.