CVE-2026-5760 – SGLang
CVSS 9.8
CRITICAL
“One exposed endpoint can hand over complete control in seconds.”
SGLang patched a critical remote code execution vulnerability affecting its core framework. The issue allows unauthenticated attackers to execute arbitrary code on impacted systems through crafted requests, putting entire environments at immediate risk of compromise.
CVE-2026-5760 has a CVSS score of 9.8, which is Critical severity. The vulnerability carries maximum impact across confidentiality, integrity, and availability with no required privileges. Public proof-of-concept code has been verified, increasing the likelihood of rapid weaponization.
This patch closes the exposed execution path and enforces stricter input handling to prevent unauthorized command execution.
Key Details
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-94
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.