CVE-2026-0599 is a vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) affecting huggingface/text-generation-inference version 3.3.6. The vulnerability arises in the Vision Language Model (VLM) mode during input validation, where the system parses inputs for Markdown image links. Upon detecting such links, the router performs a blocking HTTP GET request to fetch the external image. The entire HTTP response body is read into memory and cloned before decoding, without any imposed size or time limits. This unbounded external image fetching can be exploited by unauthenticated remote attackers to cause resource exhaustion, including saturating network bandwidth, inflating memory usage, and overloading CPU resources. Notably, the vulnerability triggers even if the request is later rejected due to token limits, meaning attackers can cause denial-of-service conditions without successful input processing. The default deployment configuration exacerbates the issue because it lacks memory usage limits and authentication mechanisms, increasing the risk of host machine crashes. Although no known exploits are currently reported in the wild, the vulnerability's nature and ease of exploitation (no authentication or user interaction required) make it a significant risk. The vendor addressed the issue in version 3.3.7 by presumably adding resource constraints and/or authentication requirements.

For European organizations deploying huggingface/text-generation-inference version 3.3.6 or earlier, this vulnerability poses a significant risk of denial-of-service (DoS) attacks. Attackers can remotely trigger resource exhaustion by submitting inputs containing Markdown image links pointing to large or slow-responding external resources, causing excessive memory and CPU consumption and network bandwidth saturation. This can lead to service outages, degraded performance, and potential crashes of critical AI inference infrastructure. Organizations relying on this software for AI-driven applications, including natural language and vision-language processing, may experience operational disruptions. The lack of authentication in default deployments increases exposure, especially for publicly accessible inference services. Such outages could impact customer-facing services, internal automation, or research environments. Additionally, the resource exhaustion could be leveraged as a smokescreen for other attacks or to degrade trust in AI services. Given the growing adoption of Hugging Face tools in Europe, the threat is material and requires prompt mitigation.

European organizations should immediately upgrade huggingface/text-generation-inference to version 3.3.7 or later, where the vulnerability is fixed. Until upgrading, implement strict network egress controls to restrict outbound HTTP requests from the inference service, preventing arbitrary external image fetching. Configure resource limits such as memory caps, CPU quotas, and request timeouts at the container or orchestration level (e.g., Kubernetes resource limits) to contain potential resource exhaustion. Enable authentication and authorization mechanisms to restrict access to the inference API, especially if deployed in public or semi-public environments. Implement input validation or sanitization to detect and block Markdown image links before processing. Monitor system resource usage and network traffic for anomalous spikes indicative of exploitation attempts. Consider deploying web application firewalls (WAFs) or API gateways with rate limiting and request inspection to mitigate abuse. Finally, maintain an incident response plan to quickly isolate and remediate affected systems if exploitation is suspected.