CVE-2026-59806 PUBLISHED

Gradio < 6.20.0 - Open Redirect and SSRF via /gradio_api/file= endpoint

Assigner: VulnCheck
Reserved: 07.07.2026 Published: 08.07.2026 Updated: 08.07.2026

Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N
CVSS Score: 4.9

Product Status

Vendor gradio-app
Product gradio
Versions Default: unaffected
  • affected from 0 to 6.20.0 (excl.)

Credits

  • George Chen finder

References

Problem Types

  • URL Redirection to Untrusted Site ('Open Redirect') CWE
  • Server-Side Request Forgery (SSRF) CWE