CVE-2026-28414
Published 2026-02-27
Priority: P1 (81) · Severity: high · CVSS 3.1 base score 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploited in the wild (ITW exploit; VulnCheck KEV)
EPSS: 3.09% (86.1th percentile)
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.
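Added example (not Gradio's code and not from the advisory) showing why a guard built only on `os.path.isabs()` stops working after the Python 3.13 change, beside a hardened join that rejects root-relative input and verifies containment after normalisation. It uses `ntpath` directly so the Windows semantics run on any platform; the base directory `C:\app\static` and the helper names are constructed for the example.

```python
"""Safe path joining robust to the Python 3.13 change in os.path.isabs()
on Windows, shown beside the fragile isabs-only pattern.

Added example for this advisory, not Gradio's code. ntpath is used
directly so the Windows semantics run on any platform; the base
directory C:\\app\\static is a constructed sample."""
import ntpath

BASE = r"C:\app\static"  # constructed sample static-files root


def isabs_only_join(base: str, untrusted: str):
    """Fragile guard: gate on isabs() alone, then join.

    Before 3.13, isabs('/windows/win.ini') is True and the path is refused.
    On 3.13+ it is False, but join() still treats a leading slash as rooted
    and replaces the base path, yielding 'C:/windows/win.ini'."""
    if ntpath.isabs(untrusted):
        return None
    return ntpath.join(base, untrusted)


def is_rooted(untrusted: str) -> bool:
    """True for anything that can reset or leave the base directory: a drive
    (C:\\x, D:rel), a UNC share, or a root-relative path (leading / or \\),
    regardless of what isabs() says on this Python version."""
    drive, rest = ntpath.splitdrive(untrusted)
    return bool(drive) or ntpath.isabs(untrusted) or rest[:1] in ("/", "\\")


def safe_join(base: str, untrusted: str):
    """Hardened join: refuse rooted input, then normalise and verify the
    result is still under base, which also stops ..\\ escapes."""
    if is_rooted(untrusted):
        return None
    base_n = ntpath.normpath(base)
    full = ntpath.normpath(ntpath.join(base_n, untrusted))
    try:
        inside = ntpath.commonpath([base_n, full]) == base_n
    except ValueError:  # different drives or abs/rel mix: not inside
        inside = False
    return full if inside else None


if __name__ == "__main__":
    probe = "/windows/win.ini"  # root-relative shape from the advisory
    print("isabs_only_join:", isabs_only_join(BASE, probe))  # None before 3.13, C:/windows/win.ini on 3.13+
    print("safe_join:", safe_join(BASE, probe))              # None on every version
    print("safe_join:", safe_join(BASE, r"css\app.css"))     # C:\app\static\css\app.css
```

Run it under a pre-3.13 and a 3.13+ interpreter to see the first line flip while the hardened result stays the same.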
Affected (3 ranges):
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gradio-app | gradio | < 6.7 | 6.7 |
| gradio_project | gradio | < 6.7.0 | 6.7.0 |
| gradio_project | gradio | >= 0 < 6.7.0 | 6.7.0 |
Detection & IOCs (extracted from sources)
Path indicator: /static//windows/win.ini
- Detect path traversal attempts targeting Gradio's /static/ endpoint using root-relative Windows paths (e.g. /static//windows/win.ini). A successful exploit returns HTTP 200 with content-type text/plain and a body containing [fonts] and [extensions].
- Fingerprint vulnerable Gradio instances by checking the root page for the JavaScript globals window.gradio_config and __gradio_mode__ in the response body.
- The vulnerability is exploitable only on Windows hosts running Python 3.13+, because Python 3.13 changed os.path.isabs so that root-relative paths like /windows/win.ini are no longer considered absolute, bypassing Gradio's safe path-join logic.
- The attack requires no authentication and bypasses even Gradio deployments configured with authentication.
- The vulnerability only affects Gradio versions prior to 6.7 running on Windows with Python 3.13 or later. Linux/macOS deployments are not affected because os.path.isabs behaves differently on those platforms.
- Version 6.7 is the fixed release; upgrading to 6.7 or later fully remediates the issue.
CVSS provenance
- NVD (v3.1): 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- VulnCheck: 7.5 HIGH
GHSA
ghsa · 2026-03-01 · CVE-2026-28414 [HIGH] CWE-22
Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
### Summary
Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system.
### Details
Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely.
This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication.
### PoC
```
% curl http://10.10.10.10:7860/static//windows/win.ini
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[f
```
OSV
osv · 2026-03-01 · CVE-2026-28414 [HIGH]
Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+ (same advisory text and PoC as the GHSA record above)
VulnCheck
vulncheck · 2026 · CVSS 7.5 · CVE-2026-28414 [HIGH]
gradio_project gradio Absolute Path Traversal (same description as the NVD record above)
Affected: gradio_project gradio
Required Action: Apply remediatio
No detection rules found.
Nuclei
nuclei · CVSS 7.5 · CVE-2026-28414 [HIGH]
Gradio - Absolute Path Traversal
Gradio < 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server.
Template:
```
id: CVE-2026-28414
info:
  name: Gradio - Absolute Path Traversal
  author: 0x_Akoko
  severity: high
  description: |
    Gradio < 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server.
  impact: |
    Unauthenticated attackers can read arbitrary files on the server, potentially exposing sensitive information.
  remediation: |
    Upgrade to version 6.7 or later.
  reference:
    - https://github.com/gradio-app/gradio/securi
```
Wiz
blogs_wiz · CVSS 5.3 · CVE-2026-28414 [MEDIUM]
CVE-2026-28414 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28414: Gradio vulnerability analysis and mitigation
Source: NVD
Score: 7.5 (CNA Score 7.5), Severity HIGH
Published: February 27, 2026
Affected Technologies: Gradio
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 79.3
Exploitation Probability (EPSS): 1.3
Affected packages and libraries: gradio
Sources: NVD
pip: Severity HIGH, Has Fix, Added at: Mar 02, 2026
Wiz
blogs_wiz · CVSS 5.3 · CVE-2026-28415 [MEDIUM]
CVE-2026-28415 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28415: Gradio vulnerability analysis and mitigation
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton). Starting in version 6.6.0, the _target_url parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host.
Source: NVD
Score: 4.7 (CNA Score 4.3), Severity MEDIUM
Published: February 27, 2026
Affected Technologies: Gradio
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Relea
Wiz
blogs_wiz · CVSS 5.3 · CVE-2026-27167 [MEDIUM]
CVE-2026-27167 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27167: Gradio vulnerability analysis and mitigation
Source: NVD
Score: 5.9 (CNA Score N/A), Severity MEDIUM
Published: February 27, 2026
Affected Technologies: Gradio
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 5.5
Exploitation Probability (EPSS): N/A
Affected packages and libraries: gradio
Sources: NVD
pip: Severity LOW, Has Fix, Added at: Mar 02, 2026
Wiz
blogs_wiz · CVSS 5.3 · CVE-2026-28416 [MEDIUM]
CVE-2026-28416 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28416: Gradio vulnerability analysis and mitigation
Source: NVD
Score: 8.6 (CNA Score 8.2), Severity HIGH
Published: February 27, 2026
Affected Technologies: Gradio
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 4.1
Exploitation Probability (EPSS): N/A
Affected packages and libraries: gradio
Sources: NVD
pip: Severity HIGH, Has Fix, Added at: Mar 02, 2026