DNA View

Critical Severity Vulnerability

This vulnerability has been rated as Critical severity. Immediate action is recommended.

CVE-2026-5760

Critical

Low Medium High Critical

9.8

CVSS Score

Published: Apr 20, 2026

Last Modified: Apr 20, 2026

CWE: CWE-94

Vulnerability Description

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

Severity Details

9.8

out of 10.0

Critical

Weakness Type (CWE)

CWE-94 Top 25 #7

Improper Control of Generation of Code ('Code Injection')

Description: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Exploit Likelihood: Medium
Typical Severity: High
OWASP Top 10: A03:2021-Injection
Abstraction Level: Base