Server-Side Request Forgery (SSRF) in Gradio - CVE-2026-28416

Published: April 28, 2026


Vulnerability identifier: #VU128301
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-28416
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Gradio
Affected software:
Gradio

Detailed vulnerability description

The vulnerability allows a remote attacker to make the vulnerable application issue arbitrary HTTP requests to internal services and disclose sensitive information.

The vulnerability exists due to server-side request forgery in gr.load() config processing and in the built-in proxy endpoint when an attacker-controlled Space configuration is loaded. A remote attacker can host a malicious Gradio Space whose configuration carries a crafted proxy_url; when a victim application loads that Space with gr.load(), requests sent through the built-in proxy route are forwarded to the attacker-chosen destination, including internal services reachable only from the application host (for example loopback, private-network or cloud metadata addresses), and the responses are returned to the attacker.

Exploitation requires the victim application to use gr.load() to load an external or untrusted Space; applications that only load Spaces under the operator's own control are not exposed to this attack path.
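The following is an added example written for this page, not Gradio's code and not the vendor's fix. It shows the kind of check a gr.load() consumer should apply before forwarding anything to a proxy_url taken from a remote Space config: require https, reject userinfo tricks, reject loopback, private, link-local and other non-global IP literals, and accept only hostnames on an operator allowlist. The config layout (a dict with a "proxy_url" key), the allowlist contents and both sample configs are assumptions constructed for the example.

```python
"""Hypothetical proxy_url allowlist check for configs loaded from untrusted Spaces.

Added example for CVE-2026-28416, not Gradio's own code. Assumed: the loaded
config is a plain dict with a "proxy_url" key, and the operator supplies the
set of upstream hosts the application is allowed to proxy to.
"""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Hostnames that must never be proxied to, even if an operator lists them by mistake.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def _ip_literal_is_public(host: str) -> bool | None:
    """True/False for an IP literal (globally routable or not); None if host is a name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    return ip.is_global and not ip.is_multicast


def is_allowed_proxy_url(url: str, allowed_hosts: set[str]) -> bool:
    """Accept only https URLs whose host is on the allowlist and is not an internal address."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https" or not parts.hostname:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # "https://trusted-host@evil.example/" style userinfo confusion
    host = parts.hostname.rstrip(".")  # urlsplit already lowercases the hostname
    if host in LOCAL_NAMES:
        return False
    if _ip_literal_is_public(host) is False:
        return False  # loopback, RFC 1918, link-local (169.254.x.x), unspecified, etc.
    return host in allowed_hosts


def resolve_proxy_target(config: dict, allowed_hosts: set[str]) -> str | None:
    """Return config["proxy_url"] if it passes the check, otherwise None (do not proxy)."""
    url = config.get("proxy_url")
    if not isinstance(url, str):
        return None
    return url if is_allowed_proxy_url(url, allowed_hosts) else None


# Constructed sample inputs for the example (not real Space configs).
ALLOWED_HOSTS = {"huggingface.co", "hf.space"}
MALICIOUS_CONFIG = {"proxy_url": "http://169.254.169.254/latest/meta-data/"}
BENIGN_CONFIG = {"proxy_url": "https://huggingface.co/api/spaces"}

if __name__ == "__main__":
    for cfg in (MALICIOUS_CONFIG, BENIGN_CONFIG):
        print(cfg["proxy_url"], "->", resolve_proxy_target(cfg, ALLOWED_HOSTS))
```

Note the caveat: a hostname allowlist does not stop an allowed name that later resolves to an internal address (DNS rebinding), so a production check should also validate the resolved address at connection time or pin the upstream; that is outside what this example shows.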


How to mitigate CVE-2026-28416

Install the security update from the vendor's website, upgrading Gradio to a release that addresses CVE-2026-28416. Until the update is applied, do not call gr.load() on Spaces you do not control, and restrict outbound network access from the host running the application so that a forged request cannot reach internal services.

Sources