devtake.dev — Hugging Face

devtake.dev — Hugging FaceArticles on devtake.dev covering Hugging Face.https://devtake.dev/en-usA malicious GGUF file owns your SGLang server: CVE-2026-5760 is an unpatched 9.8https://devtake.dev/article/sglang-cve-2026-5760-gguf-rce/https://devtake.dev/article/sglang-cve-2026-5760-gguf-rce/SGLang's reranker renders chat templates without a sandbox. Load a hostile GGUF, hit /v1/rerank, and the attacker has Python on your inference box. No patch yet.Mon, 27 Apr 2026 11:30:00 GMTsecuritysglangcve-2026-5760supply-chainai-securityllmrcejinja2ggufluca-reinhardtOpenAI's Privacy Filter is a 1.5B PII redactor that ships under Apache 2.0. Here's what it actually does.https://devtake.dev/article/openai-privacy-filter/https://devtake.dev/article/openai-privacy-filter/OpenAI released Privacy Filter on April 22 as an open-weight on-device model for masking eight types of PII. F1 of 96%. Runs in a browser. Here's the catch.Sun, 26 Apr 2026 13:00:00 GMTaiopenaiprivacypiiopen-weightsai-modelsllmhugging-facedata-privacydieter-morelli