SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
Ravie Lakshmanan, Apr 20, 2026. Open Source / Server Security
What’s new: A critical vulnerability in SGLang, tracked as CVE-2026-5760 with a CVSS score of 9.8, allows remote code execution (RCE) via malicious GPT-Generated Unified Format (GGUF) model files. The flaw is a command injection reachable through the “/v1/rerank” endpoint, which lets attackers execute arbitrary Python code on the server.
Who’s affected
All SGLang users who use the reranking endpoint and load GGUF model files are at risk. The vulnerability arises because chat templates are rendered with jinja2.Environment() without sandboxing, so a specially crafted model file can supply a template whose code runs on the server.
What to do
- Render chat templates with jinja2.sandbox.ImmutableSandboxedEnvironment instead of jinja2.Environment(), so that template code taken from a model file cannot escape into arbitrary Python code execution.