CVE-2026-5760: Lmsys Sglang

What is CVE-2026-5760?

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

CVSS9.8 NVD 3.1

SeverityCRITICAL

ExploitationNo exploitation reported

Triage statusNo Known Exploit

ActionPatch within 48 hours

CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD published2026-04-20

NVD last modified2026-06-03

Affected product

Lmsys Sglang

References

https://github.com/sgl-project/sglang/pull/23660
https://github.com/Stuub/SGLang-0.5.9-RCE
https://www.kb.cert.org/vuls/id/915947
https://nvd.nist.gov/vuln/detail/CVE-2026-5760

Coverage on defend.network

SGLang & Anthropic MCP RCE; APT campaigns hit OT/healthcare auth (2026-04-21)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

What is CVE-2026-5760?

Affected product

References

Coverage on defend.network

Get Critical CVE Alerts