CVE-2026-5760

· NIST NVD ↗

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

CRITICAL
CVSS severity
9.8
CVSS base score
2026-04-20
Published

CWE codes

CWE-94

Sources