> TritonInfoSec News
Home / Apr 21, 2026 / Story
0
#3 The Hacker News general April 20, 2026 at 17:14 UTC

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

By [email protected] (The Hacker News)

AI Summary

CVE-2026-5760, a critical command injection vulnerability in SGLang with CVSS score 9.8, enables remote code execution through malicious GGUF model files. The flaw affects the high-performance serving framework and allows arbitrary code execution when processing specially crafted AI model files.

Read full article → https://thehackernews.com/2026/04/sglang-cve-2026-…

Relevance score: 90.0/100

# More from April 21

  1. 1
    KelpDAO suffers $290 million heist tied to Lazarus hackers BleepingComputer
  2. 2
    China's Apple App Store infiltrated by crypto-stealing wallet apps BleepingComputer
  3. 4
    Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution CyberScoop
  4. 5
    British Scattered Spider hacker pleads guilty to crypto theft charges BleepingComputer
  5. 6
    Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking SecurityWeek
  6. 7
    The Gentlemen ransomware now uses SystemBC for bot-powered attacks BleepingComputer
  7. 8
    Microsoft: Teams increasingly abused in helpdesk impersonation attacks BleepingComputer
  8. 9
    Hackers Abuse QEMU for Defense Evasion SecurityWeek
  9. 10
    Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems The Hacker News