VYPR
Critical severity9.8NVD Advisory· Published Apr 20, 2026· Updated Jun 3, 2026

CVE-2026-5760

CVE-2026-5760

Description

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4

Patches

Vulnerability mechanics

References

2

News mentions

1