Critical RCE Vulnerability Discovered in SGLang Framework (CVE-2026-5760)

Severity: High (Score: 69.9)

Sources: Thehackernews, www.cve.org, github.com, Gbhackers, research.jfrog.com

Summary

A remote code execution vulnerability, tracked as CVE-2026-5760, has been identified in the SGLang framework, which is used for serving large language models. The vulnerability exists in the reranking endpoint (/v1/rerank), allowing attackers to execute arbitrary code by loading a malicious GGUF model file. This exploit can lead to host compromise, lateral movement, data exfiltration, or denial-of-service attacks. The flaw arises from the use of jinja2.Environment() without proper sandboxing, enabling the execution of arbitrary Python code. No response or patch has been received from the project maintainers during the coordination process. Deployments exposing the affected interface to untrusted networks are at the highest risk. Security researchers recommend using ImmutableSandboxedEnvironment to mitigate this vulnerability. The CVE was published on April 20, 2026, following a public proof of concept released on April 2, 2026. Key Points: • CVE-2026-5760 enables remote code execution via malicious GGUF model files. • The vulnerability affects SGLang's reranking endpoint, posing risks of host compromise. • No patch or response has been issued by SGLang maintainers as of April 20, 2026.

Key Entities

• Remote Code Execution (attack_type)
• Zero-day Exploit (attack_type)
• CVE-2024-34359 (cve)
• CVE-2026-5760 (cve)
• CWE-94 - Code Injection (cwe)
• T1059.006 - Python (mitre_attack)
• T1059 - Command and Scripting Interpreter (mitre_attack)
• T1203 - Exploitation for Client Execution (mitre_attack)
• T1221 - Template Injection (mitre_attack)
• DeepSeek (tool)
• Python (tool)
• Jinja2 (tool)
• Llama-cpp-python (tool)
• GGUF (platform)
• Mistral (platform)
• Qwen (platform)
• SGLang (platform)
• Skywork (platform)
• OpenAI (company)
• Llama Drama (vulnerability)