Handler on Duty: Brad Duncan
Threat Level: green
| Published | 2026-05-02 22:16:24 |
|---|---|
| Last Modified | 2026-05-02 22:16:24 |
| AKA | CVE-2026-7669 |
| Summary | A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file python/sglang/srt/utils/hf_transformers_utils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVSS Score | 5.1 |
| Access Vector | Local | Adjacent | Network |
|---|---|---|---|
| Access Complexity | Low | Medium | High |
| Authentication | None | Single | Multiple |
| Confidentiality | None | Partial | Complete |
| Integrity | None | Partial | Complete |
| Availability | None | Partial | Complete |