PT-2026-56568 · Gradio App · Gradio
George Chen
·
Publicado
2026-07-08
·
Atualizado
2026-07-08
·
CVE-2026-59806
CVSS v3.1
7.4
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N |
Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file fetch() function in the /gradio api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.
Exploit
Correção
Open Redirect
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Gradio