Improper access control in Gradio - CVE-2024-47168
Published: October 10, 2024 / Updated: April 28, 2026
Gradio
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper access control in the /monitoring endpoint when monitoring is expected to be disabled via the enable_monitoring flag. A remote attacker can send a direct request to the endpoint to disclose sensitive information.
Sensitive application analytics may be exposed even when monitoring is configured as disabled.
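One way to check your own deployment for this exposure is to scan the access log for /monitoring requests that were answered successfully while monitoring is configured as disabled. The script below is an added example, not code from Gradio or from this advisory; the Common/Combined Log Format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: the app's front end writes Common/Combined Log Format lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_monitoring_path(target: str) -> bool:
    """True for /monitoring and anything beneath it, ignoring query strings."""
    path = unquote(urlsplit(target).path).rstrip("/").lower()
    return path == "/monitoring" or path.startswith("/monitoring/")

def find_monitoring_exposure(lines, monitoring_enabled=False):
    """Return (ip, timestamp, target) for /monitoring requests that were served.

    With monitoring disabled, any 2xx answer means the endpoint was served anyway.
    """
    if monitoring_enabled:
        return []  # access is expected; nothing to report
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        if is_monitoring_path(m["target"]) and m["status"].startswith("2"):
            hits.append((m["ip"], m["ts"], m["target"]))
    return hits

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2024:09:14:02 +0000] "GET /monitoring HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2024:09:14:05 +0000] "GET /monitoring/?t=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2024:09:15:11 +0000] "GET /monitoring HTTP/1.1" 404 153',
    '203.0.113.9 - - [10/Oct/2024:09:15:40 +0000] "GET /monitoring-docs HTTP/1.1" 200 900',
    '192.0.2.44 - - [10/Oct/2024:09:16:00 +0000] "GET / HTTP/1.1" 200 64',
    'garbled line without the expected fields',
]

if __name__ == "__main__":
    for ip, ts, target in find_monitoring_exposure(SAMPLE_LOG):
        print(f"served while disabled: {target} to {ip} at {ts}")
```

Only 2xx responses are reported, so a request that the server or a reverse proxy already refused (for example with 403 or 404) does not raise a finding.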