CNNVD-202602-113 Information
CNNVD ID
CNNVD-202602-113
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
Text Generation Inference是Hugging Face开源的一个用于文本生成推理的 Rust、Python 和 gRPC 服务器。 Text Generation Inference 3.3.6版本存在资源管理错误漏洞,该漏洞源于VLM模式下输入验证期间无限制的外部图像获取,可能导致资源耗尽。
Description (English)
Text General Access is a Rust, Python and gRPC server that uses text generation reasoning as an open source for Hughes Face. There is a resource management error gap in version 3.3.6 of Text General Access, which stems from unrestricted external access to images during input validation in VLM mode, which may result in depletion of resources.
Hazard Level
High
Vulnerability Type
资源管理错误
Affected Vendor
Hugging Face
Published
2026-02-02
Last Modified
2026-02-24
References
https://github.com/huggingface/text-generation-inference/commit/24ee40d143d8d046039f12f76940a85886cbe152 https://huntr.com/bounties/1d3f2085-666c-4441-b265-22f6f7d8d9cd https://access.redhat.com/security/cve/cve-2026-0599
Patch
https://github.com/huggingface/text-generation-inference/releases
Share on: