AI Alert

AI incidents and vulnerabilities — tracked, sourced, dated.

CVE-2026-7669: Deserialization flaw in SGLang's HuggingFace tokenizer loader

A medium-severity deserialization bug in SGLang's get_tokenizer routine affects all releases up to 0.5.9. The vendor has not responded to the disclosure, and no fixed version is listed.

May 3, 2026

Recent posts

CISA Adds Actively Exploited Linux Kernel LPE CVE-2026-31431 to KEV

A local privilege escalation flaw in the Linux kernel's AEAD crypto interface has been added to CISA's KEV catalog after active exploitation. Federal patch deadline is May 15, 2026.
May 3, 2026
What this site is for

AI Alert tracks AI incidents and vulnerabilities. Each entry is dated, sourced, and verifiable.
May 2, 2026

Subscribe

AI incidents and vulnerabilities — tracked, sourced, dated. — delivered when there's something worth your inbox.

No spam. Unsubscribe anytime.

AI Alert

CVE-2026-7669: Deserialization flaw in SGLang's HuggingFace tokenizer loader

Recent posts

CISA Adds Actively Exploited Linux Kernel LPE CVE-2026-31431 to KEV

What this site is for

Subscribe