Improper access control in Gradio - CVE-2024-1728
Published: September 25, 2024 / Updated: April 28, 2026
Gradio
Detailed vulnerability description
The vulnerability allows a remote user to disclose arbitrary files from the machine hosting the Gradio application.
The vulnerability exists due to improper access control in Gradio's file access handling when the server processes modified network requests. A remote user can intercept and modify the network requests made by the Gradio app and thereby read arbitrary files from the machine hosting the application.
Only applications exposed through a publicly accessible Gradio link are vulnerable.