CVE-2026-5760

Source
https://cve.org/CVERecord?id=CVE-2026-5760
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5760.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5760
Published
2026-04-20T13:46:23.603Z
Modified
2026-07-08T08:12:42.025697034Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
CVE-2026-5760
Details

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5760.json",
    "cna_assigner": "certcc",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "8f3097e"
                },
                {
                    "last_affected": "8f3097e"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/sgl-project/sglang

Affected ranges

Type
GIT
Repo
https://github.com/sgl-project/sglang
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:lmsys:sglang:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.5.11"
        }
    ]
}

Affected versions

gateway-v0.*
gateway-v0.1.5
gateway-v0.1.6
gateway-v0.1.7
gateway-v0.1.8
gateway-v0.1.9
gateway-v0.2.0
gateway-v0.2.1
gateway-v0.2.2
gateway-v0.2.3
gateway-v0.2.4
gateway-v0.3.0
gateway-v0.3.1
v0.*
v0.1.10
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.3
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.2.0
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.14
v0.2.14.post1
v0.2.14.post2
v0.2.15
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.2.9.post1
v0.3.0
v0.3.1.post1
v0.3.1.post2
v0.3.1.post3
v0.3.2
v0.3.3
v0.3.3.post1
v0.3.4
v0.3.4.post1
v0.3.4.post2
v0.3.5
v0.3.5.post1
v0.3.5.post2
v0.3.6
v0.3.6.post1
v0.3.6.post2
v0.3.6.post3
v0.4.0
v0.4.0.post1
v0.4.0.post2
v0.4.1
v0.4.1.post1
v0.4.1.post2
v0.4.1.post3
v0.4.1.post4
v0.4.1.post5
v0.4.1.post6
v0.4.1.post7
v0.4.10
v0.4.10.post1
v0.4.10.post2
v0.4.2
v0.4.2.post1
v0.4.2.post2
v0.4.2.post3
v0.4.2.post4
v0.4.3
v0.4.3.post1
v0.4.3.post2
v0.4.3.post3
v0.4.3.post4
v0.4.4
v0.4.4.post1
v0.4.4.post2
v0.4.4.post3
v0.4.4.post4
v0.4.5
v0.4.5.post1
v0.4.5.post2
v0.4.5.post3
v0.4.6
v0.4.6.post1
v0.4.6.post2
v0.4.6.post3
v0.4.6.post4
v0.4.6.post5
v0.4.7
v0.4.7.post1
v0.4.8
v0.4.8.post1
v0.4.9
v0.4.9.post1
v0.4.9.post2
v0.4.9.post3
v0.4.9.post4
v0.4.9.post5
v0.4.9.post6
v0.5.0rc0
v0.5.0rc1
v0.5.0rc2
v0.5.1
v0.5.1.post1
v0.5.1.post2
v0.5.1.post3
v0.5.2
v0.5.2rc0
v0.5.2rc1
v0.5.2rc2
v0.5.3
v0.5.3.post1
v0.5.3.post2
v0.5.3.post3
v0.5.3rc0
v0.5.3rc1
v0.5.3rc2
v0.5.4
v0.5.4.post1
v0.5.4.post2
v0.5.4.post3
v0.5.5
v0.5.5.post1
v0.5.5.post2
v0.5.5.post3
v0.5.6
v0.5.6.post1
v0.5.6.post2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5760.json"