CVE-2026-27167
Published 2026-02-27
Priority P339 · medium · 5.9 (CVSS 3.1)
CVSS vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.45% (36.1th percentile)
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its own Hugging Face access token via `huggingface_hub.get_token()` and stores it in the visitor's session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner's HF token. The session cookie is signed with a hardcoded secret derived from the string `"-v4"`, making the payload trivially decodable. Version 6.6.0 fixes the issue.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gradio-app | gradio | — | — |
| gradio_project | gradio | >= 4.16.0 < 6.6.0 | 6.6.0 |
| gradio_project | gradio | >= 4.16.0 < 6.6.0 | 6.6.0 |
CVSS provenance
NVD (v3.1): 5.9 MEDIUM, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Red Hat (vendor): 5.9, NONE
GHSA · 2026-03-01
CVE-2026-27167 [LOW] CWE-522 · Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
## Summary
Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its own Hugging Face access token via `huggingface_hub.get_token()` and stores it in the visitor's session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner's HF token. The session cookie is signed with a hardcoded secret derived from the string `"-v4"`, making the payload trivially decodable.
## Affected Component
`gradio/oauth.py` — functions `attach_oauth()`, `_add_mocked_oauth_routes()`, and `_get_mock
OSV · 2026-03-01
CVE-2026-27167 [LOW] · Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret (OSV carries the same summary and affected-component text as the GHSA entry above)
Red Hat (vendor) · 2026-02-27 · CVSS 5.9
CVE-2026-27167 [NONE] CWE-798 · Gradio: Information disclosure due to hardcoded secret in session cookie signing, allowing remote attackers to steal Hugging Face tokens.
No detection rules found.
No public exploits indexed.
Wiz · CVSS 5.3
CVE-2026-28414 [MEDIUM] · CVE-2026-28414 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28414: Gradio vulnerability analysis and mitigation
`os.path.isabs` · `/windows/win.ini`
Source: NVD
Score: 7.5 · Published February 27, 2026 · Severity HIGH · CNA Score 7.5
Affected Technologies: Gradio
Has Public Exploit: Yes · Has CISA KEV Exploit: No · CISA KEV Release Date: N/A · CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 79.3 · Exploitation Probability (EPSS): 1.3
Affected packages and libraries: gradio
Sources: NVD; pip (Severity HIGH, Has Fix, Added at: Mar 02, 2026)
Wiz · CVSS 5.3
CVE-2026-28415 [MEDIUM] · CVE-2026-28415 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28415: Gradio vulnerability analysis and mitigation
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the `_redirect_to_target()` function in Gradio's OAuth flow accepts an unvalidated `_target_url` query parameter, allowing redirection to arbitrary external URLs. This affects the `/logout` and `/login/callback` endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with `gr.LoginButton`). Starting in version 6.6.0, the `_target_url` parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host.
Source: NVD
Score: 4.7 · Published February 27, 2026 · Severity MEDIUM · CNA Score 4.3
Affected Technologies: Gradio
Has Public Exploit: No · Has CISA KEV Exploit: No
CISA KEV Relea
Wiz · CVSS 5.3
CVE-2026-27167 [MEDIUM] · CVE-2026-27167 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27167: Gradio vulnerability analysis and mitigation
`gr.LoginButton` · `/login/huggingface` · `huggingface_hub.get_token()` · `"-v4"`
Source: NVD
Score: 5.9 · Published February 27, 2026 · Severity MEDIUM · CNA Score N/A
Affected Technologies: Gradio
Has Public Exploit: Yes · Has CISA KEV Exploit: No · CISA KEV Release Date: N/A · CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 5.5 · Exploitation Probability (EPSS): N/A
Affected packages and libraries: gradio
Sources: NVD; pip (Severity LOW, Has Fix, Added at: Mar 02, 2026)
Wiz · CVSS 5.3
CVE-2026-28416 [MEDIUM] · CVE-2026-28416 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28416: Gradio vulnerability analysis and mitigation
`gr.load()` · `proxy_url`
Source: NVD
Score: 8.6 · Published February 27, 2026 · Severity HIGH · CNA Score 8.2
Affected Technologies: Gradio
Has Public Exploit: No · Has CISA KEV Exploit: No · CISA KEV Release Date: N/A · CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 4.1 · Exploitation Probability (EPSS): N/A
Affected packages and libraries: gradio
Sources: NVD; pip (Severity HIGH, Has Fix, Added at: Mar 02, 2026)