ai-inference-server Authentication Bypass Vulnerability in Model Inference API

Vulnerability

An authentication bypass vulnerability has been identified in the ai-inference-server model inference API. All /v1/* endpoints are supposed to validate API keys, but the POST /invocations endpoint does not, allowing unauthorized users to access inference features available on protected endpoints. This could lead to exposure of sensitive functionality or unintended access to backend resources.
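The gap described above, modelled as an added example (not the project's code, and not taken from the advisory): a guard that enforces API keys only under the `/v1/` prefix is compared with a default-deny guard, and a small audit lists routes served without credentials. The prefix-scoped guard is an assumed way such a gap can arise; the route table other than `POST /invocations`, the `/health` route, the key value and all function names are constructed.

```python
# Added illustration; the prefix-scoped guard is an assumed cause, not the
# project's code. Routes other than POST /invocations are constructed.
import hmac

VALID_KEYS = {"constructed-test-key"}          # constructed sample key
ROUTES = [                                     # constructed route table
    ("POST", "/v1/completions"),
    ("POST", "/v1/embeddings"),
    ("POST", "/invocations"),
    ("GET", "/health"),
]
PUBLIC = {("GET", "/health")}                  # routes intended to be open


def key_ok(headers):
    """Constant-time check of a 'Bearer <key>' Authorization header."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer":
        return False
    return any(hmac.compare_digest(token.encode(), k.encode()) for k in VALID_KEYS)


def prefix_guard(method, path, headers):
    """Weak pattern: authentication is enforced only under /v1/."""
    if path.startswith("/v1/"):
        return key_ok(headers)
    return True  # anything outside the prefix is served unauthenticated


def default_deny_guard(method, path, headers):
    """Hardened pattern: every route needs a key unless explicitly public."""
    if (method, path) in PUBLIC:
        return True
    return key_ok(headers)


def unauthenticated_routes(guard):
    """Audit: routes the guard serves with no credentials, minus intended public ones."""
    return [r for r in ROUTES if guard(r[0], r[1], {}) and r not in PUBLIC]


if __name__ == "__main__":
    print("prefix guard gaps:      ", unauthenticated_routes(prefix_guard))
    print("default-deny guard gaps:", unauthenticated_routes(default_deny_guard))
```

Running the same audit against a real route table in CI catches any newly added endpoint that falls outside the authenticated prefix.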

Impact

Exploiting this vulnerability allows unauthorized users to access protected inference features, potentially leading to abuse of that functionality. According to Red Hat, this could involve accessing or manipulating sensitive data, using administrative functions, or even executing arbitrary code, depending on the context.

Added: Jul 1, 2025, 2:19 PM
Updated: Jul 1, 2025, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.