Intel

AIKIDO-2026-680474

inference is vulnerable to Server-Side Request Forgery (SSRF)

Server-Side Request Forgery (SSRF)GHSA-hjmm-hr52-vrp2 Published Today

86

High Risk

This Affects:

PYTHONinference
0.8.0 - 1.3.4
Fixed in 1.3.5
Are you affected? Scan for Free

TL;DR

The core image-loading path fetches images from caller-supplied URLs and validates only the hostname string, without resolving the host and while following redirects without re-validating each hop. An attacker who can supply an image URL can steer the server into fetching internal resources such as cloud metadata endpoints, loopback services, and private or link-local hosts, either directly, via a hostname that resolves to a private address, via a redirect, or via DNS rebinding. This exposes internal services and cloud credentials through server-side request forgery. The fix adds resolved-IP validation with connection pinning to the validated address and per-hop redirect re-validation.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your deployment loads images from caller-supplied URLs.

Background info

inference is vulnerable to Server-Side Request Forgery (SSRF) in versions 0.8.0 - 1.3.4.

How to fix this

Upgrade the inference library to the patch version.