CVE-2026-7669: A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file pytho
Summary
A vulnerability (CVE-2026-7669) was found in SGLang, an open-source project, affecting versions up to 0.5.9. The flaw is in the get_tokenizer function and allows deserialization of untrusted data (turning untrusted serialized data back into program objects). It can be exploited remotely, though the attack complexity is high. The vulnerability has a CVSS score (a 0-10 severity rating) of 6.3, classified as medium severity.
Vulnerability Details
CVSS score: 5.6 (medium)
EPSS: 0.0%
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack vector: network
Attack complexity: high
Privileges required: none
User interaction: none
May 2, 2026
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7669
First tracked: May 3, 2026 at 02:07 AM