CVE-2026-63086
Hugging Face · text-generation-inference
Hugging Face text-generation-inference is vulnerable to Server-Side Request Forgery (SSRF) via the fetch image functionality in multimodal chat completions.
Executive summary
A Server-Side Request Forgery vulnerability in Hugging Face text-generation-inference allows unauthenticated attackers to perform unauthorized requests, posing a significant risk to internal network security.
Vulnerability
The application is susceptible to a Server-Side Request Forgery (SSRF) flaw triggered through the fetch image feature within multimodal chat completions. This allows an unauthenticated attacker to force the server to make arbitrary requests to internal or external resources.
Business impact
Successful exploitation allows an attacker to bypass network perimeters, potentially accessing internal services or sensitive metadata endpoints not exposed to the public internet. Given the CVSS score of 8.6, this vulnerability represents a high risk to organizational confidentiality and network integrity, as it could lead to unauthorized data exfiltration or internal reconnaissance.
Remediation
Immediate Action: Update the Hugging Face text-generation-inference software to the latest version, ensuring all patches for the multimodal chat completion endpoints are applied.
Proactive Monitoring: Monitor egress traffic from the application server for suspicious connection attempts to internal IP addresses or unauthorized external domains.
Compensating Controls: Implement strict firewall rules and network segmentation to prevent the application server from initiating connections to sensitive internal network segments.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
The high severity of this SSRF vulnerability necessitates immediate attention to prevent unauthorized network access. Administrators should prioritize updating the software and auditing network access controls to limit the blast radius of potential exploitation.