Critical SGLang Vulnerability Exposes Systems to Remote Code Execution

A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. Th


A severe security flaw has surfaced in SGLang, an open-source high-performance serving framework, presenting an urgent threat to deployed systems worldwide. The vulnerability, designated CVE-2026-5760, carries a CVSS severity score of 9.8 out of 10.0, placing it in the critical category and demanding immediate attention from affected users and administrators.

The vulnerability stems from a command injection flaw that can be triggered through specially crafted GGUF model files. When a susceptible system processes a malicious GGUF file, attackers can execute arbitrary code with the privileges of the running SGLang process. This attack vector is particularly concerning given the widespread adoption of GGUF format files in machine learning and AI serving environments.

GGUF files, which are commonly used for storing and distributing language model weights, represent a trusted input source in many development workflows. The vulnerability exploits this trust by embedding malicious commands within the file structure itself. Upon loading, the compromised model file triggers unintended code execution before standard security measures can intervene.

The near-perfect CVSS score reflects the vulnerability's ease of exploitation and severe impact. Attackers require minimal technical sophistication to craft a malicious GGUF file, and successful exploitation grants them complete control over the affected system. This capability could enable data theft, lateral network movement, service disruption, or establishment of persistent access mechanisms.

SGLang users should prioritize applying security patches immediately upon availability. Organizations running SGLang in production environments face heightened risk, particularly if they load models from untrusted or unverified sources. Until patches are deployed, administrators should implement strict access controls limiting which users can upload or load model files.
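The article does not say which part of a GGUF file carries the injected command, so a defender cannot rely on a field-specific signature. What can be enforced today is the mitigation described above: decide which model files may be loaded before anything parses them in depth. The following Python is an added example written for this article; it is not code from SGLang or from the GGUF project. It parses only the public GGUF header and key-value metadata (magic "GGUF", uint32 version, uint64 tensor and key-value counts, then length-prefixed strings and typed values), checks the file's SHA-256 against an operator-maintained allowlist, and, as a labelled assumption about a possible injection path, refuses files whose string metadata contains shell metacharacters. The sample files, the allowlist, the `MAX_STRING_LEN` cap and the `preload_check` policy are all constructed for the example.

```python
import hashlib
import io
import struct

# GGUF container layout (public format): magic "GGUF", uint32 version,
# uint64 tensor_count, uint64 metadata_kv_count, then kv_count pairs of
# (string key, uint32 value type, value). Versions 2 and 3 use 64-bit counts.
GGUF_MAGIC = b"GGUF"
GGUF_STRING = 8
GGUF_ARRAY = 9
# Scalar GGUF value types mapped to little-endian struct formats.
_SCALAR = {0: "<B", 1: "<b", 2: "<H", 3: "<h", 4: "<I", 5: "<i",
           6: "<f", 7: "<?", 10: "<Q", 11: "<q", 12: "<d"}

MAX_STRING_LEN = 64 * 1024        # constructed sanity cap on metadata strings
MAX_ARRAY_LEN = 1_000_000         # constructed sanity cap on array elements
# Assumption for this example: a loader that hands metadata strings to a shell
# would be exposed to these characters, so their presence is treated as a defect.
SHELL_METACHARS = set(";|&`$<>\n")


class GGUFError(ValueError):
    """Raised when the file is not a well-formed GGUF container."""


def _read(buf, n):
    data = buf.read(n)
    if len(data) != n:
        raise GGUFError("truncated GGUF data")
    return data


def _read_string(buf):
    (length,) = struct.unpack("<Q", _read(buf, 8))
    if length > MAX_STRING_LEN:
        raise GGUFError(f"string length {length} exceeds cap")
    return _read(buf, length).decode("utf-8")


def _read_value(buf, vtype):
    if vtype == GGUF_STRING:
        return _read_string(buf)
    if vtype == GGUF_ARRAY:
        (etype,) = struct.unpack("<I", _read(buf, 4))
        (count,) = struct.unpack("<Q", _read(buf, 8))
        if count > MAX_ARRAY_LEN:
            raise GGUFError(f"array length {count} exceeds cap")
        return [_read_value(buf, etype) for _ in range(count)]
    fmt = _SCALAR.get(vtype)
    if fmt is None:
        raise GGUFError(f"unknown GGUF value type {vtype}")
    return struct.unpack(fmt, _read(buf, struct.calcsize(fmt)))[0]


def parse_gguf_metadata(data: bytes) -> dict:
    """Parse header and metadata only; tensor data is never touched."""
    buf = io.BytesIO(data)
    if _read(buf, 4) != GGUF_MAGIC:
        raise GGUFError("missing GGUF magic")
    (version,) = struct.unpack("<I", _read(buf, 4))
    if version not in (2, 3):
        raise GGUFError(f"unsupported GGUF version {version}")
    tensor_count, kv_count = struct.unpack("<QQ", _read(buf, 16))
    meta = {}
    for _ in range(kv_count):
        key = _read_string(buf)
        (vtype,) = struct.unpack("<I", _read(buf, 4))
        meta[key] = _read_value(buf, vtype)
    return {"version": version, "tensor_count": tensor_count, "metadata": meta}


def suspicious_strings(meta: dict) -> list:
    """Keys whose string (or string-array) values contain shell metacharacters."""
    hits = []
    for key, value in meta.items():
        values = value if isinstance(value, list) else [value]
        if any(isinstance(v, str) and SHELL_METACHARS & set(v) for v in values):
            hits.append(key)
    return hits


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def preload_check(data: bytes, allowed_sha256: set) -> tuple:
    """Gate a model file before the serving framework opens it.
    Order matters: the allowlist is checked before any parsing happens."""
    digest = sha256_hex(data)
    if digest not in allowed_sha256:
        return (False, f"sha256 {digest[:16]}... is not on the allowlist")
    try:
        info = parse_gguf_metadata(data)
    except (GGUFError, UnicodeDecodeError) as exc:
        return (False, f"malformed GGUF: {exc}")
    bad = suspicious_strings(info["metadata"])
    if bad:
        return (False, f"metadata contains shell metacharacters: {bad}")
    return (True, f"ok: GGUF v{info['version']}, {info['tensor_count']} tensors")


# --- constructed sample files (header + metadata only, no tensors) ---------
def _kv_string(key: str, value: str) -> bytes:
    k, v = key.encode(), value.encode()
    return (struct.pack("<Q", len(k)) + k + struct.pack("<I", GGUF_STRING)
            + struct.pack("<Q", len(v)) + v)


def build_sample_gguf(name: str) -> bytes:
    kvs = [_kv_string("general.architecture", "llama"),
           _kv_string("general.name", name),
           struct.pack("<Q", 20) + b"llama.context_length" + struct.pack("<I", 4)
           + struct.pack("<I", 2048)]
    return GGUF_MAGIC + struct.pack("<I", 3) + struct.pack("<QQ", 0, len(kvs)) + b"".join(kvs)


BENIGN = build_sample_gguf("demo-model")                    # constructed
TAINTED = build_sample_gguf("demo-model; echo injected")     # constructed
ALLOWLIST = {sha256_hex(BENIGN)}                            # constructed policy

if __name__ == "__main__":
    print(preload_check(BENIGN, ALLOWLIST))
    print(preload_check(TAINTED, ALLOWLIST))
    print(preload_check(TAINTED, ALLOWLIST | {sha256_hex(TAINTED)}))
```

The hash check comes first on purpose: a file that no operator has approved is rejected before a single byte of its metadata is interpreted, which is the access-control mitigation the article recommends. The metadata scan is a second, weaker layer based on an assumption about the injection path, and it would not catch a payload carried somewhere other than string metadata.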

The disclosure underscores the expanding attack surface in AI infrastructure as organizations integrate open-source serving frameworks into their operations. Security researchers continue monitoring for potential exploitation attempts in the wild, though no widespread attacks have been confirmed at this time.

Editorial note: This article represents original analysis and commentary by the TechDailyPulse editorial team.