{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28415", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-27T15:33:57.289Z", "datePublished": "2026-02-27T21:44:51.956Z", "dateUpdated": "2026-03-02T21:55:38.664Z"}, "containers": {"cna": {"title": "Gradio has Open Redirect in OAuth Flow", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-330", "lang": "en", "description": "CWE-330: Use of Insufficiently Random Values", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-pfjf-5gxr-995x", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-pfjf-5gxr-995x"}], "affected": [{"vendor": "gradio-app", "product": "gradio", "versions": [{"version": "< 6.6.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-27T21:44:51.956Z"}, "descriptions": [{"lang": "en", "value": "Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton). Starting in version 6.6.0, the _target_url parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host."}], "source": {"advisory": "GHSA-pfjf-5gxr-995x", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T21:55:30.572710Z", "id": "CVE-2026-28415", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T21:55:38.664Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28415", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T21:55:30.572710Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T21:55:34.975Z"}}], "cna": {"title": "Gradio has Open Redirect in OAuth Flow", "source": {"advisory": "GHSA-pfjf-5gxr-995x", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "gradio-app", "product": "gradio", "versions": [{"status": "affected", "version": "< 6.6.0"}]}], "references": [{"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-pfjf-5gxr-995x", "name": "https://github.com/gradio-app/gradio/security/advisories/GHSA-pfjf-5gxr-995x", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton). Starting in version 6.6.0, the _target_url parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-330", "description": "CWE-330: Use of Insufficiently Random Values"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-27T21:44:51.956Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28415", "state": "PUBLISHED", "dateUpdated": "2026-03-02T21:55:38.664Z", "dateReserved": "2026-02-27T15:33:57.289Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-27T21:44:51.956Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*", "matchCriteriaId": "59BB794F-B63D-4D86-B0F0-E60AF9017444", "versionEndExcluding": "6.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton). Starting in version 6.6.0, the _target_url parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host."}, {"lang": "es", "value": "Gradio es un paquete Python de c\u00f3digo abierto dise\u00f1ado para la creaci\u00f3n r\u00e1pida de prototipos. Antes de la versi\u00f3n 6.6.0, la funci\u00f3n _redirect_to_target() en el flujo OAuth de Gradio acepta un par\u00e1metro de consulta _target_url no validado, lo que permite la redirecci\u00f3n a URL externas arbitrarias. Esto afecta a los endpoints /logout y /login/callback en aplicaciones Gradio con OAuth habilitado (es decir, aplicaciones que se ejecutan en Hugging Face Spaces con gr.LoginButton). A partir de la versi\u00f3n 6.6.0, el par\u00e1metro _target_url se sanea para usar solo la ruta, la consulta y el fragmento, eliminando cualquier esquema o host."}], "id": "CVE-2026-28415", "lastModified": "2026-03-05T13:06:31.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-27T22:16:24.497", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-pfjf-5gxr-995x"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-330"}, {"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Gradio: Gradio: Open Redirect vulnerability allows redirection to arbitrary external URLs.", "id": "2443449", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443449"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-601", "details": ["Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton). Starting in version 6.6.0, the _target_url parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host.", "A flaw was found in Gradio, an open-source Python package. The _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter. A remote attacker can exploit this vulnerability by crafting a malicious URL, leading to an open redirect. This allows the attacker to redirect users to arbitrary external websites, potentially enabling phishing attacks or other forms of user manipulation."], "mitigation": {"lang": "en:us", "value": "To mitigate this open redirect vulnerability, restrict network access to the Gradio application's `/logout` and `/login/callback` endpoints, particularly if OAuth is enabled. Ensure these endpoints are not directly exposed to untrusted networks or users. If the OAuth functionality is not required for the specific deployment of the Gradio application, consider disabling it to remove the vulnerable attack surface. Consult application documentation for specific configuration details regarding OAuth and endpoint exposure. A service restart or reload may be required for changes to take effect."}, "name": "CVE-2026-28415", "public_date": "2026-02-27T21:44:51Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-28415\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28415\nhttps://github.com/gradio-app/gradio/security/advisories/GHSA-pfjf-5gxr-995x"], "statement": "This MODERATE impact vulnerability in Gradio's OAuth flow allows for open redirection due to an unvalidated `_target_url` query parameter. Red Hat products utilizing Gradio with OAuth enabled, such as the `ansible-chatbot-service`, may be affected if running vulnerable versions. Exploitation requires user interaction with the `/logout` or `/login/callback` endpoints.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.6.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "gradio", "source": "cna", "vendor": "gradio-app"}, "product": "gradio", "vendor": "gradio-app"}], "analysis": {"en": {"generated_at": "2026-04-17T13:52:37.176612+00:00", "value": {"mitigation_remediation": ["Upgrade Gradio to version\u00a06.6.0 or newer, which sanitizes the redirect target in OAuth flows.", "Verify that the OAuth endpoints now reject URLs containing a scheme or host by testing with a target like https://malicious.com.", "If an upgrade cannot be performed, disable OAuth in the application or restrict the _target_url parameter to trusted domains only."], "summary": {"action": "Patch", "impact": "Open Redirect"}, "threat_synthesis": {"affected_systems": "Gradio, the open\u2011source Python package for quick prototyping, is vulnerable in all releases prior to version\u00a06.6.0 that enable OAuth, such as Hugging Face Spaces using gr.LoginButton. Versions 6.6.0 and later include a fix that strips any scheme or host from the target URL, leaving only its path, query, and fragment.", "description_and_impact": "Gradio\u2019s _redirect_to_target function accepted an unvalidated target_url query parameter in its OAuth flow, creating a CWE\u2011601 open\u2011redirect weakness that allows a user who visits the /logout or /login/callback endpoint to be redirected to any external site. This exposure can be used for phishing, credential\u2011stealing, or other social\u2011engineering attacks.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a low overall severity, and the EPSS score is below 1\u202f%, suggesting a low probability of exploitation. The vulnerability exists on the public endpoints of Gradio apps; an attacker can simply embed a malicious redirect in a link to the /logout or /login/callback endpoint, driving unsuspecting users to a crafted URL. Since the issue is not listed in KEV, there have been no confirmed wide\u2011scale exploits at this point."}}}}, "created": "2026-03-02T12:04:45.013544+00:00", "updated": "2026-04-17T14:00:15.808197+00:00", "vendors": ["gradio-app", "gradio-app$PRODUCT$gradio"]}