{"data":{"id":"3aeffdb0-94a0-4a54-8016-8690f8544fd0","title":"CVE-2026-7669: A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file pytho","summary":"A vulnerability (CVE-2026-7669) was found in SGLang, an open-source project, affecting versions up to 0.5.9. The flaw is in the get_tokenizer function and allows unsafe deserialization (reconstructing objects from untrusted data), which can be exploited remotely, though the attack complexity is rated high. This summary cites a CVSS score (a 0-10 severity rating) of 6.3, while the cvssScore field recorded alongside the CVSS 3.1 vector in this record is 5.6; both values fall in the medium severity band.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-7669","publishedAt":"2026-05-02T22:16:24.080Z","cveId":"CVE-2026-7669","cweIds":["CWE-20","CWE-502"],"cvssScore":"5.6","cvssSeverity":"medium","severity":"medium","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["SGLang","HuggingFace Transformers"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","attackVector":"network","attackComplexity":"high","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-02T22:16:24.080Z","capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.82,"researchCategory":null,"atlasIds":null}}