CVE-2024-12720: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, spe
Summary
A ReDoS (regular expression denial of service) vulnerability was found in the huggingface/transformers library version 4.46.3, specifically in code that processes text tokens. In a ReDoS, a poorly designed search pattern can be exploited to consume excessive processing power. An attacker could send specially crafted input that causes the regex to work inefficiently, using up all the CPU and crashing the application.
Vulnerability Details
7.5 (high)
EPSS: 0.1%
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-12720
First tracked: February 15, 2026 at 08:43 PM