A high-severity vulnerability has been discovered in the NVIDIA NeMo Agent Toolkit UI, which could allow a remote attacker to force the server to make unauthorized network requests. Successful exploitation could enable an attacker to scan internal networks, access sensitive internal services, and potentially exfiltrate confidential data, posing a significant risk to the organization's security posture.

This vulnerability is a Server-Side Request Forgery (SSRF) located in the chat API endpoint of the NVIDIA NeMo Agent Toolkit UI for Web. An unauthenticated remote attacker can craft a malicious request to this API endpoint, embedding a URL or IP address. The vulnerable application fails to properly validate this user-supplied input, causing the server to initiate a network connection to the attacker-specified destination on its own behalf, effectively acting as a proxy. This allows the attacker to bypass firewall restrictions and interact with systems on the server's internal network or access cloud metadata services.

This vulnerability is rated as High severity with a CVSS score of 7.6. Exploitation could lead to significant business consequences, including the compromise of confidential data, disruption of internal services, and unauthorized access to the internal network. Specific risks include an attacker using the server to scan for other vulnerable systems, accessing internal databases or APIs that are not exposed to the internet, and exfiltrating sensitive corporate or customer data. The ability to make requests from a trusted internal server can allow an attacker to bypass perimeter security controls, making detection and response more difficult.

Immediate Action: Apply the security updates provided by NVIDIA to all affected systems immediately. After patching, review web server and application logs for any signs of exploitation that may have occurred prior to remediation.

Proactive Monitoring:

• Log Analysis: Scrutinize web server and application logs for the NeMo Agent Toolkit UI. Look for unusual requests to the chat API endpoint, particularly those containing URLs, internal IP addresses (e.g., 127.0.0.1, 10.x.x.x, 192.168.x.x), or calls to cloud provider metadata services (e.g., 169.254.169.254).
• Network Traffic: Monitor outbound network traffic from the servers hosting the affected software. Investigate any connections to unexpected internal or external IP addresses and ports that deviate from the established baseline of normal application behavior.

Compensating Controls:

• Egress Filtering: If immediate patching is not feasible, implement strict outbound firewall rules (egress filtering) on the affected server to block all network connections except those explicitly required for business operations.
• Web Application Firewall (WAF): Deploy a WAF with rules designed to detect and block common SSRF attack patterns in HTTP requests.
• Network Segmentation: Isolate the server hosting the NeMo Agent Toolkit in a separate network segment with restricted access to critical internal resources.

Public Exploit Available: false

Given the High severity rating (CVSS 7.6) of this vulnerability and the significant risk of internal network compromise and data exfiltration, it is strongly recommended that organizations apply the security updates provided by NVIDIA to all affected systems immediately. This vulnerability should be treated as a high-priority patching target. Although this CVE is not currently listed on the CISA KEV catalog, its potential for abuse makes it a prime candidate for future exploitation. Immediate remediation and proactive monitoring are critical to mitigating the risk to the organization.