Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable, unauthenticated, low-complexity path traversal yielding arbitrary file read; PR:N and UI:N per the flaw, C:H with I:N/A:N since impact is disclosure only.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess() method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide crafted path segments that cause os.path.join to discard the root_dir prefix entirely, resulting in arbitrary file read or exposure of sensitive files outside the intended directory.
AnalysisAI
Arbitrary file read in Gradio before 6.16.0 lets remote unauthenticated attackers escape the FileExplorer component's configured root_dir by submitting path segments with traversal sequences ('../') or absolute paths, exploiting how os.path.join discards the root prefix when handed an absolute path. Any Gradio app exposing a FileExplorer is exposed, enabling exposure of sensitive files (source code, secrets, credentials) outside the intended directory. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the target Gradio application (version before 6.16.0) to instantiate and expose the FileExplorer component, whose preprocess() method processes the attacker-controlled path; this is the exact feature that must be present. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N, base 8.7) describes a network-reachable, low-complexity, unauthenticated attack with high confidentiality impact and no integrity or availability impact - consistent with an arbitrary file read. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach a public Gradio app that exposes a FileExplorer submits a crafted path such as an absolute path (e.g. '/etc/passwd') or a segment containing '../' sequences to the component's preprocess() handler. … |
| Remediation | Vendor-released patch: upgrade Gradio to 6.16.0 or later (https://github.com/gradio-app/gradio/releases/tag/gradio%406.16.0), which corrects the preprocess() path handling per PR #13437 and commit 97d541f. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all Gradio deployments to identify which expose the FileExplorer component and assess what sensitive files are accessible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. Rat
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API reques
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.y
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within t
A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. Rat
A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due
Command Injection in GitHub repository gradio-app/gradio prior to main. Rated high severity (CVSS 8.1), this vulnerabili
Gradio is an open source framework for building interactive machine learning models and demos. Rated high severity (CVSS
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the g
A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. R
A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. Rate
Gradio versions up to 6.7 contains a vulnerability that allows attackers to read arbitrary files from the file system (C
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41115
GHSA-j36p-7w88-g82j