CVE-2026-59806
HIGHGradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can...
Full CISO analysis pending enrichment.
How severe is it?
What is the attack surface?
What should I do?
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Which compliance frameworks are affected?
Compliance analysis pending. Sign in for full compliance mapping when available.
Frequently Asked Questions
What is CVE-2026-59806?
Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.
Is CVE-2026-59806 actively exploited?
No confirmed active exploitation of CVE-2026-59806 has been reported, but organizations should still patch proactively.
How to fix CVE-2026-59806?
No patch is currently available. Monitor vendor advisories for updates.
What is the CVSS score for CVE-2026-59806?
CVE-2026-59806 has a CVSS v3.1 base score of 7.4 (HIGH).
What are the technical details?
Original Advisory
Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.
Weaknesses (CWE)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Primary
CWE-918 Server-Side Request Forgery (SSRF)
Primary
CWE-601 URL Redirection to Untrusted Site ('Open Redirect') CWE-918 Server-Side Request Forgery (SSRF) CWE-601 — URL Redirection to Untrusted Site ('Open Redirect'): The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
- [Implementation] Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue." Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylis
- [Architecture and Design] Use an intermediate disclaimer page that provides the user with a clear warning that they are leaving the current site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems (CWE-79) when generating the disclaimer page.
Source: MITRE CWE corpus.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N References
- github.com/gradio-app/gradio/commit/1c5c53842df9c2750552d85c19a92e7e732cff3f
- github.com/gradio-app/gradio/issues/13593
- github.com/gradio-app/gradio/pull/13596
- github.com/gradio-app/gradio/releases/tag/gradio%406.20.0
- vulncheck.com/advisories/gradio-open-redirect-and-ssrf-via-gradio-api-file-endpoint