CVE-2026-63086 in text-generation-inference정보

요약

\~에 의해 MITRE • 2026. 07. 16.

text-generation-inference through 3.3.7 contains a server-side request forgery (SSRF) vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted image_url value in chat message content. The fetch_image function in router/src/validation.rs performs no validation of private, loopback, link-local, or cloud metadata target addresses, and the reqwest HTTP client follows redirects by default, enabling attackers to bypass scheme checks via redirect chains to reach internal services and cloud instance-metadata endpoints for internal port scanning and credential theft.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

책임이 있는

VulnCheck

예약하다

2026. 07. 15.

모더레이션

수락

항목

VDB-379599

EPSS

0.00000

활동

중간

출처

Do you want to use VulDB in your project?

Use the official API to access entries easily!