Skip to main content

Gradio CVE-2026-49119

| EUVDEUVD-2026-41115 HIGH
Path Traversal (CWE-22)
2026-07-01 VulnCheck GHSA-j36p-7w88-g82j
8.7
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Network-reachable, unauthenticated, low-complexity path traversal yielding arbitrary file read; PR:N and UI:N per the flaw, C:H with I:N/A:N since impact is disclosure only.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 01, 2026 - 19:33 vuln.today

DescriptionCVE.org

Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess() method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide crafted path segments that cause os.path.join to discard the root_dir prefix entirely, resulting in arbitrary file read or exposure of sensitive files outside the intended directory.

AnalysisAI

Arbitrary file read in Gradio before 6.16.0 lets remote unauthenticated attackers escape the FileExplorer component's configured root_dir by submitting path segments with traversal sequences ('../') or absolute paths, exploiting how os.path.join discards the root prefix when handed an absolute path. Any Gradio app exposing a FileExplorer is exposed, enabling exposure of sensitive files (source code, secrets, credentials) outside the intended directory. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach exposed Gradio FileExplorer endpoint
Delivery
Submit absolute or '../' path segment
Exploit
os.path.join discards root_dir prefix
Execution
preprocess() reads file outside root
Impact
Exfiltrate sensitive file contents

Vulnerability AssessmentAI

Exploitation Exploitation requires the target Gradio application (version before 6.16.0) to instantiate and expose the FileExplorer component, whose preprocess() method processes the attacker-controlled path; this is the exact feature that must be present. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N, base 8.7) describes a network-reachable, low-complexity, unauthenticated attack with high confidentiality impact and no integrity or availability impact - consistent with an arbitrary file read. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach a public Gradio app that exposes a FileExplorer submits a crafted path such as an absolute path (e.g. '/etc/passwd') or a segment containing '../' sequences to the component's preprocess() handler. …
Remediation Vendor-released patch: upgrade Gradio to 6.16.0 or later (https://github.com/gradio-app/gradio/releases/tag/gradio%406.16.0), which corrects the preprocess() path handling per PR #13437 and commit 97d541f. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all Gradio deployments to identify which expose the FileExplorer component and assess what sensitive files are accessible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Gradio

View all
CVE-2024-39236 CRITICAL POC
9.8 Jul 01

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. Rat

CVE-2024-0964 CRITICAL POC
9.4 Feb 05

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API reques

CVE-2024-4253 CRITICAL POC
9.1 Jun 04

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.y

CVE-2024-4325 HIGH POC
8.6 Jun 06

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within t

CVE-2024-10648 HIGH POC
8.2 Mar 20

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. Rat

CVE-2024-1540 HIGH POC
8.2 Mar 27

A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due

CVE-2023-6572 HIGH POC
8.1 Dec 14

Command Injection in GitHub repository gradio-app/gradio prior to main. Rated high severity (CVSS 8.1), this vulnerabili

CVE-2021-43831 HIGH POC
7.7 Dec 15

Gradio is an open source framework for building interactive machine learning models and demos. Rated high severity (CVSS

CVE-2024-10624 HIGH POC
7.5 Mar 20

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the g

CVE-2025-0187 HIGH POC
7.5 Mar 20

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. R

CVE-2024-10569 HIGH POC
7.5 Mar 20

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. Rate

CVE-2026-28414 HIGH POC
7.5 Feb 27

Gradio versions up to 6.7 contains a vulnerability that allows attackers to read arbitrary files from the file system (C

Share

CVE-2026-49119 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy