Product
An unauthenticated network attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2026-63086, in the OpenAI-compatible multimodal chat completions endpoint of text-generation-inference through version 3.3.7 to coerce the server into issuing arbitrary HTTP GET requests, enabling internal port scanning and credential theft from internal services and cloud instance metadata endpoints.