Impact
The vulnerability occurs in Huggingface’s text‑generation‑inference component.6, when the router processes VLM mode inputs containing Markdown image links performs a the entire response body before decoding. This unbounded large amounts of network bandwidth, memory, and CPU, leading to resource exhaustion. It reflects an instance of CWE‑400, uncontrolled resource consumption. Even if the request is later rejected for exceeding token limits, the earlier resource consumption still occurs, potentially crashing the host.
Affected Systems
Huggingface’s text‑generation‑inference 3.3.6 is affected. The issue remains under default deployment configurations that lack authentication and memory limits. Versions 3.3.7 and later include the fix and are not vulnerable.
Risk and Exploitability
The CVSS score of 7.5 indicates a high‑severity flaw, while the EPSS score of 22% suggests a moderate to high probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit it remotely by sending an unauthenticated HTTP request containing a Markdown image link; the server will attempt to fetch the image, consuming network, memory, and CPU resources, which can lead to a denial of service or host crash.
OpenCVE Enrichment
Github GHSA