Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-28414— Gradio has Absolute Path Traversal on Windows with Python 3.13+

CVSS 7.5 · High EPSS 3.20% · P87
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-28414

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Gradio has Absolute Path Traversal on Windows with Python 3.13+
Source: NVD (National Vulnerability Database)
Vulnerability Description
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
绝对路径遍历
Source: NVD (National Vulnerability Database)
Vulnerability Title
Gradio 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Gradio是Gradio开源的一个开源 Python 库,是通过友好的 Web 界面演示机器学习模型的方法。 Gradio 6.7之前版本存在安全漏洞,该漏洞源于Python 3.13+中os.path.isabs定义变更导致绝对路径遍历逻辑缺陷,可能导致未经验证的攻击者从文件系统读取任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
gradio-appgradio < 6.7 -

II. Public POCs for CVE-2026-28414

#POC DescriptionSource LinkShenlong Link
1Gradio < 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-28414.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-28414

登录查看更多情报信息。

Same Patch Batch · gradio-app · 2026-02-27 · 4 CVEs total

CVE-2026-284168.2 HIGHGradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
CVE-2026-284154.3 MEDIUMGradio has Open Redirect in OAuth Flow
CVE-2026-27167Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret

IV. Related Vulnerabilities

Same product: gradio
Same vendor: gradio-app
Same weakness: CWE-36

V. Comments for CVE-2026-28414

No comments yet

Leave a comment