CVE-2026-63086 | huggingface text-generation-inference up to 3.3.7 router/src/validation.rs fetch_image image_url server-side request forgery (EUVD-2026-44953)
A vulnerability, which was classified as problematic, was found in huggingface text-generation-inference up to 3.3.7. Affected is the function fetch_image of the file router/src/validation.rs of the component OpenAI-Compatible Multimodal Chat Completions Endpoint. Such manipulation of the argument image_url leads to server-side request forgery. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is listed as CVE-2026-63086. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More