Cleartext transmission of sensitive information in Gradio - CVE-2024-47871
Published: October 10, 2024 / Updated: April 28, 2026
Gradio
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information and modify transmitted data.
The vulnerability exists due to missing encryption in FRP client-server communication when using the share=True option. A remote attacker can intercept network traffic between the FRP client and server to disclose sensitive information and modify transmitted data.
This issue affects publicly shared Gradio demos exposed over the internet through the share=True feature.
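To find which of your own demos request the share tunnel, the following added example (not part of the advisory and not Gradio project code) parses Python source with the standard ast module and reports each launch() call that passes share=True or a share value that cannot be resolved statically. The function names, verdict labels and sample source are constructed for illustration, and matching on the method name launch alone is an assumption that can flag unrelated objects.

```python
import ast

# Constructed sample source for illustration; it is parsed, never executed.
SAMPLE = '''\
import gradio as gr

demo = gr.Interface(fn=lambda s: s, inputs="text", outputs="text")
demo.launch(share=True)
demo.launch(share=False)
demo.launch(share=PUBLIC)
demo.launch(**opts)
demo.launch()
'''


def classify_launch(call):
    """Return 'enabled', 'review' or None for one launch(...) call node."""
    verdict = None
    for kw in call.keywords:
        if kw.arg == "share":
            if isinstance(kw.value, ast.Constant):
                # Literal value: truthy means the share tunnel is requested.
                return "enabled" if kw.value.value else None
            # Variable or expression: cannot be resolved statically.
            return "review"
        if kw.arg is None:
            # **kwargs could carry share=True.
            verdict = "review"
    return verdict


def find_share_launches(source, filename="<constructed>"):
    """List (line, verdict) for launch() calls that may enable sharing."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Heuristic (assumption): any call named launch is treated as a candidate.
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name != "launch":
            continue
        verdict = classify_launch(node)
        if verdict:
            findings.append((node.lineno, verdict))
    return sorted(findings)


if __name__ == "__main__":
    for line, verdict in find_share_launches(SAMPLE):
        print(f"line {line}: share {verdict}")
```

Positional arguments to launch() are not inspected, so calls that pass share by position need manual review.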