A critical security vulnerability (CVE-2026-5760) with a severity score of 9.8 has been identified in SGLang, an AI inference server. The issue arises from a poisoned GGUF model file containing a chat template that SGLang renders with an unsandboxed Jinja2 environment, allowing arbitrary Python code execution on the host system. This vulnerability is similar to past issues found in llama-cpp-python and vLLM, highlighting a persistent oversight in handling model file templates across multiple AI frameworks.
Impact: Critical vulnerability in SGLang allows arbitrary code execution, impacting the security of AI model deployments.
Ranking rationale: Security advisory for an open-source AI inference server with a critical severity score.
AI-generated summary · Google Gemini · from 1 source.
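As an added example (not code from the advisory or from SGLang), here is a pre-load audit that extracts the chat template from a GGUF file's metadata and flags constructs a chat template has no reason to contain. It assumes the `tokenizer.chat_template` key and the v2/v3 metadata layout of the public GGUF spec; the token list and `build_sample` input are constructed for illustration.

```python
import re
import struct

# GGUF scalar value types -> struct format (public GGUF spec, v2/v3).
SCALARS = {0: "<B", 1: "<b", 2: "<H", 3: "<h", 4: "<I", 5: "<i",
           6: "<f", 7: "<?", 10: "<Q", 11: "<q", 12: "<d"}
STRING, ARRAY = 8, 9
# Heuristic triage list (assumption, not exhaustive): tokens no chat template needs.
SUSPICIOUS = re.compile(r"__\w+__|\b(?:import|subprocess|popen|eval|exec|getattr)\b")

def read_value(buf, off, vtype):  # -> (value, next_offset)
    if vtype == STRING:
        (n,) = struct.unpack_from("<Q", buf, off)
        if off + 8 + n > len(buf):
            raise ValueError("string runs past end of file")
        return buf[off + 8:off + 8 + n].decode("utf-8", "replace"), off + 8 + n
    if vtype == ARRAY:
        etype, count = struct.unpack_from("<IQ", buf, off)
        items, off = [], off + 12
        for _ in range(count):
            item, off = read_value(buf, off, etype)
            items.append(item)
        return items, off
    fmt = SCALARS[vtype]  # KeyError on an unknown type id
    return struct.unpack_from(fmt, buf, off)[0], off + struct.calcsize(fmt)

def chat_templates(buf):
    """Return {key: template} for chat-template strings in GGUF metadata."""
    magic, version, _tensors, kv_count = struct.unpack_from("<4sIQQ", buf, 0)
    if magic != b"GGUF" or version < 2:
        raise ValueError("not a GGUF v2+ file")
    off, found = 24, {}
    for _ in range(kv_count):
        key, off = read_value(buf, off, STRING)
        (vtype,) = struct.unpack_from("<I", buf, off)
        value, off = read_value(buf, off + 4, vtype)
        if key.startswith("tokenizer.chat_template") and isinstance(value, str):
            found[key] = value
    return found

def audit(buf):
    """Map each chat-template key to the suspicious tokens it contains."""
    return {k: sorted(set(SUSPICIOUS.findall(t))) for k, t in chat_templates(buf).items()}

def build_sample(template):
    """Constructed minimal GGUF: header plus one metadata string, no tensors."""
    key, val = b"tokenizer.chat_template", template.encode()
    return (struct.pack("<4sIQQQ", b"GGUF", 3, 0, 1, len(key)) + key
            + struct.pack("<IQ", STRING, len(val)) + val)
```

A non-empty result from `audit` is a reason to quarantine the model file for review. Pattern matching is triage only; the rendering-side control is to render untrusted templates in a sandboxed environment such as `jinja2.sandbox.ImmutableSandboxedEnvironment`.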