Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

SGLang

Critical SGLang flaw can enable remote code execution

News, Research, Risk, Vulnerabilities

April 21, 2026

A critical flaw in SGLang, tracked as CVE-2026-5760 and rated 9.8, could allow remote code execution through a crafted model file and the /v1/rerank endpoint, according to a CERT/CC advisory.
Researchers find widespread remote code execution risk in AI inference engines from unsafe ZMQ and pickle use

Research, Risk, Vendors, Vulnerabilities

November 15, 2025

Researchers found a recurring insecure pattern — pickle deserialization over unauthenticated ZeroMQ sockets — in multiple AI inference frameworks, creating remote code execution risks across projects including vLLM, NVIDIA TensorRT-LLM, Modular Max Server and SGLang; related research also showed browser and IDE injection risks in Cursor.

About
Editorial Policy
Privacy
Contact