A critical security vulnerability (CVE-2026-5760) with a severity score of 9.8 has been identified in SGLang, an AI inference server. A poisoned GGUF model file can carry a chat template that SGLang renders with an unsandboxed Jinja2 environment, which allows arbitrary Python code execution on the host system. The vulnerability is similar to past issues found in llama-cpp-python and vLLM, highlighting a persistent oversight in how multiple AI frameworks handle templates embedded in model files.
IMPACT Critical vulnerability in SGLang allows arbitrary code execution, impacting the security of AI model deployments.
RANK_REASON Security advisory for an open-source AI inference server with a critical severity score.
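As an added example (not code from SGLang or from the advisory), the following reads the metadata header of a GGUF file and returns any embedded chat template for review before the file is given to an inference server, flagging templates that reach for underscore-prefixed attributes. It assumes the little-endian GGUF v2/v3 header layout and the `tokenizer.chat_template` metadata key from the GGUF specification; the function names, the size cap and the sample header are constructed for illustration.

```python
import io, re, struct

# GGUF scalar value types -> struct formats (little-endian, GGUF v2/v3 layout).
SCALARS = {0: "<B", 1: "<b", 2: "<H", 3: "<h", 4: "<I", 5: "<i",
           6: "<f", 7: "<?", 10: "<Q", 11: "<q", 12: "<d"}
STRING, ARRAY, MAX_STR = 8, 9, 1 << 24   # MAX_STR: assumed sanity cap
# Underscore-prefixed attribute or subscript access inside a template.
SUSPICIOUS = re.compile(r"""(?:\.|\[\s*['"]|attr\(\s*['"])_\w+""")

def rd(f, fmt):
    raw = f.read(struct.calcsize(fmt))
    if len(raw) != struct.calcsize(fmt):
        raise ValueError("truncated GGUF header")
    return struct.unpack(fmt, raw)[0]

def rd_str(f):
    n = rd(f, "<Q")
    if n > MAX_STR:                      # attacker-controlled length field
        raise ValueError("implausible string length")
    raw = f.read(n)
    if len(raw) != n:
        raise ValueError("truncated GGUF header")
    return raw.decode("utf-8", "replace")

def rd_val(f, vtype):
    if vtype in SCALARS:
        return rd(f, SCALARS[vtype])
    if vtype == STRING:
        return rd_str(f)
    if vtype == ARRAY:
        etype, count = rd(f, "<I"), rd(f, "<Q")
        return [rd_val(f, etype) for _ in range(count)]
    raise ValueError(f"unknown GGUF value type {vtype}")

def audit_chat_templates(f):
    """Map each chat-template key to (template, needs_review)."""
    if f.read(4) != b"GGUF" or rd(f, "<I") < 2:
        raise ValueError("not a GGUF v2+ file")
    _tensor_count, kv_count = rd(f, "<Q"), rd(f, "<Q")
    out = {}
    for _ in range(kv_count):
        key = rd_str(f)
        val = rd_val(f, rd(f, "<I"))
        if key.startswith("tokenizer.chat_template") and isinstance(val, str):
            out[key] = (val, bool(SUSPICIOUS.search(val)))
    return out

def sample(template):
    """Constructed GGUF header: one uint32 key, then the chat template."""
    s = lambda t: struct.pack("<Q", len(t)) + t
    kv = s(b"general.alignment") + struct.pack("<II", 4, 32)
    kv += s(b"tokenizer.chat_template") + struct.pack("<I", STRING) + s(template.encode())
    return io.BytesIO(b"GGUF" + struct.pack("<IQQ", 3, 0, 2) + kv)
```

The flag is a review aid, not a control: a template that passes it is still untrusted input. What constrains a template at render time is Jinja2's own sandbox (`jinja2.sandbox.ImmutableSandboxedEnvironment`) in place of a plain `Environment`.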
AI-generated summary · Google Gemini · from 1 source.