Improper access control in Gradio - CVE-2024-47165
Published: October 10, 2024 / Updated: April 28, 2026
Gradio
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper access control in CORS origin validation when handling requests from a null origin. A remote attacker can send unauthorized cross-origin requests from a sandboxed iframe or other null-origin source to disclose sensitive information.
This affects locally deployed instances and may expose user authentication tokens or uploaded files.
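The null-origin flaw described above, shown as an added example that is not Gradio's own code: an origin check for a locally served app that accepts the opaque "null" origin, beside a stricter one that rejects it. The function names, the local host list and the sample Origin values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts the local app is served from (constructed for this example).
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def weak_allow_origin(origin):
    """Flawed check: treats the opaque "null" origin as if it were a local page."""
    if origin == "null":
        return "null"  # sandboxed iframes and other opaque sources all send "null"
    try:
        host = urlsplit(origin).hostname
    except ValueError:
        return None
    return origin if host in LOCAL_HOSTS else None


def strict_allow_origin(origin):
    """Hardened check: only a parseable http(s) origin on a known local host."""
    if not origin or origin == "null":
        return None  # "null" identifies no site, so it is never trusted
    try:
        parts = urlsplit(origin)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or parts.hostname not in LOCAL_HOSTS:
        return None
    return origin


def cors_headers(allowed_origin):
    """Emit CORS headers only when the origin check returned an origin."""
    if allowed_origin is None:
        return {}
    return {"Access-Control-Allow-Origin": allowed_origin, "Vary": "Origin"}


def audit(origins):
    """Origins the weak check would allow but the strict check refuses."""
    return [o for o in origins
            if weak_allow_origin(o) is not None and strict_allow_origin(o) is None]


# Constructed sample Origin header values.
SAMPLES = ["http://localhost:7860", "null", "https://example.org"]

if __name__ == "__main__":
    for o in SAMPLES:
        print(o, cors_headers(weak_allow_origin(o)), cors_headers(strict_allow_origin(o)))
    print("allowed only by the weak check:", audit(SAMPLES))
```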