🤖 Critical RCE Vulnerability in SGLang AI Framework Enables Model Poisoning Att...

🤖 Critical RCE Vulnerability in SGLang AI Framework Enables Model Poisoning Attacks CVE-2026-5760 exposes a Server-Side Template Injection flaw in SGLang 0.5.9 that allows remote code execution through malicious GGUF model files. The vulnerability stems from insecure Jinja2 template processing in the reranking endpoint, enabling attackers to execute arbitrary commands when security researchers demonstrated that compromised models from repositories like Hugging Face are loaded. The flaw highlights critical supply chain risks in AI infrastructure, mirroring previous vulnerabilities in llama-cpp-python and vLLM frameworks. Administrators are advised to avoid untrusted GGUF models and implement sandboxed template rendering until patches are released. 🛰️ Open sources - closed narratives @sitreports