All posts

• CVE-2026-7669: Deserialization flaw in SGLang's HuggingFace tokenizer loader

  A medium-severity deserialization bug in SGLang's get_tokenizer routine affects all releases up to 0.5.9. The vendor has not responded to the disclosure, and no fixed version is listed.

  May 3, 2026

• What this site is for

  AI Alert tracks AI incidents and vulnerabilities. Each entry is dated, sourced, and verifiable.

  May 2, 2026