Skip to main content

Python CVE-2026-27167

NONE
Insufficiently Protected Credentials (CWE-522)
2026-02-27 security-advisories@github.com GHSA-h3h8-3v2v-rg7m
Python Hugging Face AI / ML

Severity by source

GitHub Advisory
0.0 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 05, 2026 - 13:13 vuln.today
Public exploit code
CVE Published
Feb 27, 2026 - 22:16 nvd
NONE

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 6 pypi packages depend on gradio (6 direct, 0 indirect)

Ecosystem-wide dependent count for version 4.16.0.

DescriptionGitHub Advisory

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. gr.LoginButton) are used. When a user visits /login/huggingface, the server retrieves its own Hugging Face access token via huggingface_hub.get_token() and stores it in the visitor's session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner's HF token. The session cookie is signed with a hardcoded secret derived from the string "-v4", making the payload trivially decodable. Version 6.6.0 fixes the issue.

AnalysisAI

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment Attack vector: Network. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote attacker could exploit this vulnerability to compromise the affected system.
Remediation Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-48039 CRITICAL POC
9.1 Jun 11

Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API ac
CVE-2026-20251 HIGH
8.8 Jun 10

Remote code execution in Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app allows a low-privil
CVE-2026-53753 CRITICAL
9.8 Jun 16

Unauthenticated remote code execution in Crawl4AI versions <= 0.8.6 allows attackers to escape the AST-based sandbox in

CVE-2026-48519 CRITICAL
9.6 Jun 16

Remote code execution in Langflow versions through 1.9.1 allows unauthenticated attackers to execute arbitrary Python co
CVE-2026-45833 CRITICAL
9.4 Jun 12

Authenticated remote code execution in ChromaDB Python project versions 0.4.17 and later enables attackers holding the U

Share

CVE-2026-27167 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy