CVE-2026-0599
Unknown Unknown - Not Provided
Unbounded External Image Fetching in Huggingface Text-Generation Causes Resource Exhaustion

Publication date: 2026-02-02

Last updated on: 2026-02-02

Assigner: huntr.dev

Description
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET request, reading the entire response body into memory and cloning it before decoding. This behavior can lead to resource exhaustion, including network bandwidth saturation, memory inflation, and CPU overutilization. The vulnerability is triggered even if the request is later rejected for exceeding token limits. The default deployment configuration, which lacks memory usage limits and authentication, exacerbates the impact, potentially crashing the host machine. The issue is resolved in version 3.3.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-02
Last Modified
2026-02-02
Generated
2026-06-16
AI Q&A
2026-02-02
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0599
EUVD
EUVD-2026-5137
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
huggingface text-generation-inference to 3.3.7 (exc)
huggingface text-generation-inference 3.3.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in huggingface/text-generation-inference version 3.3.6, where unauthenticated remote attackers can exploit unbounded external image fetching during input validation in VLM mode. The system scans inputs for Markdown image links and performs blocking HTTP GET requests to fetch these images, reading the entire response body into memory and cloning it before decoding. This unbounded fetching can lead to resource exhaustion such as network bandwidth saturation, memory inflation, and CPU overutilization. The vulnerability can be triggered even if the request is later rejected for exceeding token limits. The default deployment lacks memory usage limits and authentication, which can cause the host machine to crash. The issue is fixed in version 3.3.7 by introducing a configurable maximum image fetch size limit to prevent excessively large image payloads from being fetched and processed. [1]

Impact Analysis

This vulnerability can impact you by causing resource exhaustion on the host machine running the vulnerable software. Specifically, it can saturate network bandwidth, inflate memory usage, and overutilize CPU resources, potentially leading to a crash of the host machine. Since the vulnerability can be exploited by unauthenticated remote attackers, it poses a risk of denial-of-service attacks that disrupt service availability. [1]

Detection Guidance

Detection can focus on monitoring for unusual HTTP GET requests initiated by the huggingface/text-generation-inference service, especially those fetching large external images embedded in Markdown inputs. Network monitoring tools or packet capture utilities (e.g., tcpdump or Wireshark) can be used to identify outbound HTTP requests to external image URLs. Additionally, inspecting logs of the inference server for repeated or large image fetch attempts may help. Specific commands could include: 1. Using tcpdump to capture HTTP GET requests from the server: tcpdump -i <interface> 'tcp port 80 or tcp port 443' and filtering for requests from the text-generation-inference process IP. 2. Using curl or wget to test fetching large images via Markdown input to see if the server attempts to fetch them. 3. Checking server resource usage (memory, CPU) spikes during inference requests that include Markdown image links. However, no explicit detection commands are provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading huggingface/text-generation-inference to version 3.3.7 or later, where the vulnerability is fixed by introducing a configurable maximum image fetch size limit (`max_image_fetch_size`) that prevents unbounded image fetching and resource exhaustion. Additionally, configuring this parameter to a reasonable size limit (default 1 GB or lower) can help prevent denial-of-service attacks. Implementing authentication and memory usage limits in the deployment configuration can further reduce risk. Until upgrade, monitoring and restricting outbound HTTP requests from the inference server may help mitigate exploitation. [1]

Compliance Impact

The vulnerability allows unauthenticated remote attackers to cause resource exhaustion through unbounded external image fetching, potentially crashing the host machine. This can lead to denial of service and availability issues.

While the CVE description and resources do not explicitly mention compliance with standards like GDPR or HIPAA, the availability impact could indirectly affect compliance, as these regulations require maintaining system availability and protecting against denial-of-service attacks.

The default deployment lacks authentication and memory limits, which exacerbates the risk, potentially violating best practices for secure system configuration required by many compliance frameworks.

The fix introduced in version 3.3.7 adds a configurable maximum image fetch size limit to prevent resource exhaustion, improving security posture and helping maintain compliance with availability and security requirements.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0599. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart