CVE-2026-28414
Absolute path traversal vulnerability in gradio (PyPI)
What is CVE-2026-28414 About?
This is an absolute path traversal vulnerability affecting Gradio apps on Windows with Python 3.13+, which allows unauthenticated attackers to read arbitrary files. The vulnerability stems from a change in `os.path.isabs` behavior and Gradio's path joining logic. Exploitation is straightforward, requiring only a crafted URL.
Affected Software
Technical Details
The vulnerability arises because Python 3.13+ changed the definition of `os.path.isabs` on Windows so that root-relative paths (e.g., `/windows/win.ini`) are no longer considered absolute. Gradio's internal logic for joining paths safely relied on this function to prevent path traversal. When `os.path.isabs` reports a root-relative path as non-absolute, Gradio's path joining logic appends that component in a way that lets it escape the intended directory. This enables unauthenticated attackers to request a URL such as `/static//windows/win.ini` and have the Gradio server read and return content from arbitrary file system locations, such as `C:\windows\win.ini`, outside the static root.
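As an added example (not Gradio's code and not the fix referenced in the advisory), the helper below reproduces the join behaviour described above and shows a containment check that does not depend on `os.path.isabs`. The static root `C:\app\static` is a constructed value, and `ntpath` is used explicitly so the Windows path semantics are reproduced on any host.

```python
import ntpath
from typing import Optional

# Constructed example root for a static-file route; not a real Gradio path.
STATIC_ROOT = r"C:\app\static"


def unchecked_join(root: str, user_path: str) -> str:
    """What ntpath.join does with no guard at all: a root-relative component
    such as "/windows/win.ini" discards root's directories but keeps its drive,
    which is the mechanism behind the advisory."""
    return ntpath.normpath(ntpath.join(root, user_path))


def escapes_relative_scope(user_path: str) -> bool:
    """True for any input that is not a plain relative path under Windows
    semantics: drive-absolute (C:\\x), drive-relative (C:x), UNC (\\\\srv\\share)
    and root-relative (\\x or /x). Root-relative is exactly the case that
    os.path.isabs stopped reporting as absolute on Windows in Python 3.13,
    so the guard must not depend on isabs."""
    drive, tail = ntpath.splitdrive(user_path)
    if drive:
        return True
    return tail.startswith(("\\", "/"))


def safe_join(root: str, user_path: str) -> Optional[str]:
    """Join user_path beneath root, returning None if the result would not
    stay inside root. Using ntpath explicitly gives the same behaviour on
    every host and Python version, which also makes it testable off-Windows."""
    if escapes_relative_scope(user_path):
        return None
    root_norm = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_norm, user_path))
    try:
        # commonpath compares drive and components case-insensitively, like NTFS.
        if ntpath.commonpath([root_norm, candidate]) != root_norm:
            return None  # ".." segments climbed above root
    except ValueError:
        return None  # different drive, or mixed absolute/relative input
    return candidate


if __name__ == "__main__":
    print(unchecked_join(STATIC_ROOT, "/windows/win.ini"))  # C:\windows\win.ini
    print(safe_join(STATIC_ROOT, "/windows/win.ini"))       # None
    print(safe_join(STATIC_ROOT, "css/main.css"))           # C:\app\static\css\main.css
```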
What is the Impact of CVE-2026-28414?
Successful exploitation may allow attackers to read arbitrary files from the file system where the Gradio application is running. This could lead to the unauthorized disclosure of sensitive information, such as configuration files, user data, or source code.
What is the Exploitability of CVE-2026-28414?
Exploitation is low complexity, requiring only the construction of a specially crafted URL. No authentication is required and no special privileges are needed on the attacker's part. The attack is remote, as it can be initiated by sending a single HTTP request to the vulnerable Gradio server. The key prerequisites are that the Gradio app runs on a Windows system with Python 3.13+ installed. The risk is high given that authentication mechanisms within Gradio do not protect against this type of unauthenticated arbitrary file read.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2026-28414?
Available Upgrade Options
- gradio
- <6.7.0 → Upgrade to 6.7.0
Additional Resources
- https://github.com/gradio-app/gradio/security/advisories/GHSA-39mp-8hj3-5c49
- https://github.com/gradio-app/gradio/commit/6011b00d0154b85532fa901dd73cf8fa7d86fd04
- https://nvd.nist.gov/vuln/detail/CVE-2026-28414
- https://github.com/gradio-app/gradio
- https://osv.dev/vulnerability/GHSA-39mp-8hj3-5c49
What are Similar Vulnerabilities to CVE-2026-28414?
Similar Vulnerabilities: CVE-2023-46700, CVE-2023-28432, CVE-2022-24706, CVE-2021-41221, CVE-2020-28469
