Huggingface Text-Generation-Inference vulnerabilities
2 known vulnerabilities affecting huggingface/huggingface_text-generation-inference.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-0599P2HIGHCVSS 7.5≥ unspecified, < 3.3.72026-02-02
CVE-2026-0599 [HIGH] CWE-400 CVE-2026-0599: A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET request, reading the entire response body into memory and
nvd
CVE-2024-3924P4MEDIUMCVSS 4.4≥ unspecified, < 2.0.02024-05-30
CVE-2024-3924 [MEDIUM] CWE-94 CVE-2024-3924: A code injection vulnerability exists in the huggingface/text-generation-inference repository, speci
A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `autodocs.yml` workflow file. The vulnerability arises from the insecure handling of the `github.head_ref` user input, which is used to dynamically construct a command for installing a software package. An attacker can exploit this by
nvd