Skip to main content

Text Generation Inference

1 CVEs product

Monthly

CVE-2026-63086 MEDIUM POC This Month

Server-side request forgery in HuggingFace text-generation-inference through version 3.3.7 enables unauthenticated remote attackers to coerce the server into issuing arbitrary outbound HTTP GET requests via a crafted image_url value submitted to the OpenAI-compatible multimodal chat completions endpoint. The fetch_image function in router/src/validation.rs applies no destination validation, and the reqwest client's default redirect-following behavior allows attackers to chain redirects to bypass any scheme-level controls, reaching cloud instance-metadata services (e.g., AWS IMDSv1 at 169.254.169.254) to steal IAM credentials or enumerate internal port services. Publicly available exploit code exists (VulnCheck/geo-chen); no KEV listing at time of analysis, but the combination of unauthenticated access, cloud credential theft potential, and working POC makes this a genuine priority for any cloud-hosted TGI deployment.

SSRF Text Generation Inference
NVD GitHub VulDB
CVSS 4.0
6.9
CVSS 6.9
MEDIUM POC This Month

Server-side request forgery in HuggingFace text-generation-inference through version 3.3.7 enables unauthenticated remote attackers to coerce the server into issuing arbitrary outbound HTTP GET requests via a crafted image_url value submitted to the OpenAI-compatible multimodal chat completions endpoint. The fetch_image function in router/src/validation.rs applies no destination validation, and the reqwest client's default redirect-following behavior allows attackers to chain redirects to bypass any scheme-level controls, reaching cloud instance-metadata services (e.g., AWS IMDSv1 at 169.254.169.254) to steal IAM credentials or enumerate internal port services. Publicly available exploit code exists (VulnCheck/geo-chen); no KEV listing at time of analysis, but the combination of unauthenticated access, cloud credential theft potential, and working POC makes this a genuine priority for any cloud-hosted TGI deployment.

SSRF Text Generation Inference
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy