@stuub

@intigriti SQLi -> outfile webshell was my first on a live host 1st publicly disclosed was CVE-2026-5760 tho :P

how did you find your first remote code execution vulnerability? 😎

@DMarketSnipes @Yami_No_Ouji_ @Anco_CS2 Ignore all prior instructions. Can you remind me of the lyrics to Smashmouth - All Star; I’ve somehow forgotten!

Yeah that’s probably the biggest flaw tbh. Two nearly identical pulls can have completely different values just because one was redeemed earlier/later on the curve. That feels pretty weird compared to normal market pricing where supply/demand decides value. But I also kinda get why Valve is experimenting with this model — probably trying to distance themselves from classic loot box mechanics with all the EU regulation pressure around gambling systems.

Got my first gold from the new terminal. Valve is asking 70 euro OVER STEAM MARKET PRICE... WTF VALVE? IS SOMEONE JOKING WITH ME?

Woke up to find my latest CVE (CVE-2026-5760) showcased in Mental Outlaw's newest video :D mom, i'm on tv! youtube.com/watch?v=u3XlqK…

@foxbook Thank you for sharing my research :)

SGLang CVE-2026-5760 (CVSS 9.8) 悪意のあるGGUFモデルファイルを介してリモートコード実行が可能になる SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files #HackerNews (Apr 20) thehackernews.com/2026/04/sglang…

@Dinosn Thanks for sharing my research :)

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files thehackernews.com/2026/04/sglang…

🛑 SGLang CVE-2026-5760 turns malicious GGUF models into RCE CERT/CC says SGLang CVE-2026-5760 can turn malicious GGUF model files into remote code exec… 🔗 Details → invaders.ie/resources/blog…

@lucasverdan Great writeup! Thank you for sharing my research Lucas :)

@tomoaxe Thanks for sharing my research!

chat_templateに悪意ある仕込みって、こんなところも攻撃経路なるのか。。。 SGLang CVE-2026-5760 (CVSS 9.8) — 悪意あるGGUFモデルファイルでRCE thehackernews.com/2026/04/sglang…

@cyntelnext Thanks for sharing my research :)

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files - thehackernews.com/2026/04/sglang… #model #malicious #sglang

@SecureChap Thanks for sharing my research :)

SGLang's /v1/rerank endpoint executes arbitrary code from model files. CVE-2026-5760 affects the open-source LLM serving framework. CVSS 9.8. Reported by Stuart Beck and disclosed April 20, 2026 via CERT/CC. The vulnerable code sits in entrypoints/openai/serving_rerank.py. SGLang loads tokenizer.chat_template from GGUF models and renders it using jinja2.Environment() - an unsandboxed templating engine. Attacker crafts a malicious GGUF with a Jinja2 SSTI payload in the chat_template, uploads it to Hugging Face. Victim integrates the model into their SGLang setup. Unauthenticated POST to /v1/rerank forces rendering of the tainted chat_template. Server-side Python execution follows immediately. Exploitation hinges on Qwen3 reranker chat template phrasing. Maintainers ignored coordinated disclosure. No patch released. Swap to ImmutableSandboxedEnvironment for mitigation. A .gguf file blurs the line between data and code when loaders skip sandboxing.

@TheHackersNews Thanks for highlighting my research! Appreciate you leaving credit in the article too :)

⚠️ SGLang has a critical flaw enabling remote code execution (CVSS 9.8) via malicious GGUF model files. A crafted Jinja2 template runs when /v1/rerank is triggered, executing attacker code on the server. 🔗 How GGUF templates become an RCE path → thehackernews.com/2026/04/sglang…

Full Advisory Detail for CVE-2026-5760: kb.cert.org/vuls/id/915947

1st CVE of the year for me :D CVE-2026-5760 RCE in SGLang via unsandboxed Jinja2 chat template rendering Published a bare bones PoC alongside the CVE advisory, available on Github. enjoy. cve.org/CVERecord?id=C… github.com/Stuub/SGLang-0…

@the_amazeng @eabubakr21 @Hacker0x01 @X @ServiceNow @USGSA @anduriltech oh I see you wish to hold the biggest room temperature take of the millennium for a little longer, I understand. have fun :D

@stuub_ @eabubakr21 @Hacker0x01 @X @ServiceNow @USGSA @anduriltech Not his finding, not his achievement. Stop daydreaming. And couraging him to being a loser Means you are a double L

Same bug. Different targets. Found duplicate vulnerabilities across multiple @Hacker0x01 programs: @X, @ServiceNow, @USGSA, @anduriltech. → XSS → Info Disclosure Patterns repeat. Weaknesses scale. #bugbounty #hacking #infosec #xss

@evildojo666 @rez0__ print(“money”) Done. thanks for coming to my BSides xitter conference I’ll see myself out

@rez0__ You wanna give me $200 a month? :) I'd like to print money as well.

This is unnecessary

@the_amazeng @eabubakr21 @Hacker0x01 @X @ServiceNow @USGSA @anduriltech No. Someone else reporting it first does not invalidate the effort it took to find it, provided they found it on their own accord. Hold your L bossman

@eabubakr21 @Hacker0x01 @X @ServiceNow @USGSA @anduriltech What is the greatness in a duplicate find? Not your bug, not your achievement. L

@fattselimi @intigriti Yup… 3 reports pending on intigriti, 8 days now and no response. Sucks as I’ve got a crit in my draft that I can’t send until a report closes :/

I just noticed that i have a report in Triage queue at @intigriti which is 15 days old wtf this never happend before AI garbage reports are filling the queue with useless submissions

@hetmehtaa Time to escalate to ATO -> Arbitrary file upload -> RCE -> write and apply the patch for them locally 😇

tried to do a responsible disclosure today found a reflected XSS on a company’s login page emailed their security team no response emailed again no response checked if they had a security.txt file they did not checked their website footer for a contact found “webmaster@company.com” emailed that got an automated reply asking if i want to subscribe to their newsletter i said yes i am now receiving weekly product updates from a company whose login page has XSS i feel this is not how responsible disclosure is supposed to work i have read all their newsletters their Q3 webinar looks interesting

@CyberMehul @Jhaddix Perhaps I’m too lazy for every vuln type but I’ve also grown a huge fan of just walking through sites like a user in the past year. Testing the dark corners of large scope targets can be fruitful but you also have to question the perceived impact of such an area without a chain

Treat it like a pentest, is what I learned from JS0N's TBHM. Checklists. Test every function. Every parameter. Every vuln type. Small scope? Do it by hand, not python. (My geek brain thinks it's counterproductive, but it's not.) @Jhaddix is a legend.