{"data":{"id":"8566a696-2386-40af-8fdd-22506d2679bf","title":"CVE-2026-0599: A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploi","summary":"A vulnerability in huggingface/text-generation-inference version 3.3.6 allows attackers without authentication to crash servers by sending images in requests. The problem occurs because the software downloads entire image files into memory when checking inputs for Markdown image links (a way to embed images in text), even if it will later reject the request, causing the system to run out of memory, bandwidth, or CPU power.","solution":"The issue is resolved in version 3.3.7.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-0599","publishedAt":"2026-02-02T16:16:17.773Z","cveId":"CVE-2026-0599","cweIds":["CWE-400"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["HuggingFace","text-generation-inference"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00133,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-125","CAPEC-130"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}