#sglang

CVE-2026-7669: Deserialization flaw in SGLang's HuggingFace tokenizer loader

A medium-severity deserialization bug in SGLang's get_tokenizer routine affects all releases up to 0.5.9. The vendor has not responded to the disclosure, and no fixed version is listed.