CVE-2026-28416
HIGH
GHSA-jmh7-g254-2cq9
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
3Description
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim's infrastructure. Version 6.6.0 fixes the issue.
Analysis
Server-Side Request Forgery in Gradio prior to version 6.6.0 allows attackers to execute arbitrary HTTP requests through a victim's infrastructure by crafting a malicious Space with a poisoned proxy_url configuration. Applications that load untrusted Gradio Spaces via gr.load() are vulnerable to attacks targeting internal services, cloud metadata endpoints, and private networks. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running Gradio versions prior to 6.6.0 and assess their network exposure. Within 7 days: Implement network segmentation to isolate Gradio instances and restrict outbound HTTP/HTTPS requests to approved endpoints only. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today