CVE-2026-7669 | sgl-project SGLang up to 0.5.9 HuggingFace Transformer hf_transformers_utils.py get_tokenizer deserialization

A vulnerability categorized as critical has been discovered in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file python/sglang/srt/utils/hf_transformers_utils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization.

This vulnerability is identified as CVE-2026-7669. The attack can be executed remotely. There is not any exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More