Home

Description

Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.

PUBLISHED Reserved 2026-07-07 | Published 2026-07-08 | Updated 2026-07-09 | Assigner VulnCheck




MEDIUM: 4.9CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N

HIGH: 7.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Problem types

URL Redirection to Untrusted Site ('Open Redirect')

Server-Side Request Forgery (SSRF)

Product status

Default status
unaffected

Any version before 6.20.0
affected

Credits

George Chen finder

References

github.com/gradio-app/gradio/issues/13593 (Researcher Disclosure) technical-description exploit

github.com/gradio-app/gradio/releases/tag/gradio@6.20.0 (Release Notes) release-notes

github.com/gradio-app/gradio/pull/13596 (Fix PR) issue-tracking

github.com/...ommit/1c5c53842df9c2750552d85c19a92e7e732cff3f (Fix Commit) patch

www.vulncheck.com/...t-and-ssrf-via-gradio-api-file-endpoint third-party-advisory

cve.org (CVE-2026-59806)

nvd.nist.gov (CVE-2026-59806)

Download JSON