Description
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.
Published: 2026-02-27
Score: 7.5 High
EPSS: 2.3% Low
KEV: No
Impact: Unauthenticated arbitrary file read on Windows via absolute path traversal
Action: Update
AI Analysis

Impact

Gradio, an open-source Python library, contains a logic flaw in its path handling on Windows systems running Python 3.13 or newer. Python 3.13 changed the definition of os.path.isabs on Windows so that root-relative paths such as "/windows/win.ini" are treated as relative, which bypasses the framework's safe-join logic that relied on that check. This is a typical absolute path traversal (CWE-22/CWE-36) that can let an unauthenticated attacker read any file accessible to the Gradio process, including sensitive system files, thereby compromising confidentiality.
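The mechanism described above, as an added illustration that is not Gradio's own code: isabs_py313 reproduces the Python 3.13 Windows isabs semantics from CPython so the demo behaves the same on any platform and version, vulnerable_join shows a safe-join check that trusts isabs and therefore lets a rooted, driveless path escape the base directory, and hardened_join shows a check that does not depend on isabs. The base directory C:\app\files and all function names are constructed for the example.

```python
import ntpath

# Constructed base directory for the example (not Gradio's real layout).
BASE_DIR = r"C:\app\files"


def isabs_py313(path: str) -> bool:
    """Emulate ntpath.isabs as it behaves on Python 3.13+ (semantics from
    CPython): only drive+root ('C:\\x') or UNC/device ('\\\\srv\\share') paths
    are absolute; a rooted path with no drive such as '/windows/win.ini' is
    not. Emulating it keeps the demo deterministic on any OS and version."""
    head = path[:3].replace("/", "\\")
    return head.startswith(":\\", 1) or head.startswith("\\\\")


def vulnerable_join(base: str, user_path: str):
    """Safe-join pattern that breaks under 3.13 semantics: it trusts isabs()
    to reject absolute input and only blocks a leading '..' component."""
    norm = ntpath.normpath(user_path)
    if isabs_py313(norm) or norm == ".." or norm.startswith("..\\"):
        return None
    # ntpath.join treats a rooted component as a new root but keeps the base's
    # drive, so '\\windows\\win.ini' resolves to 'C:\\windows\\win.ini'.
    return ntpath.normpath(ntpath.join(base, norm))


def hardened_join(base: str, user_path: str):
    """Reject anything carrying its own drive or root, then confirm the
    normalised result is still under base (this also catches '..' escapes)."""
    drive, tail = ntpath.splitdrive(user_path)
    if drive or tail[:1] in ("\\", "/"):
        return None
    base_n = ntpath.normpath(base)
    full = ntpath.normpath(ntpath.join(base_n, user_path))
    if ntpath.commonpath([base_n, full]) != base_n:
        return None
    return full


if __name__ == "__main__":
    for p in ["/windows/win.ini", r"C:\windows\win.ini", "../secret.txt",
              "sub/../../secret.txt", "reports/q1.csv"]:
        print(f"{p!r:24} vulnerable={vulnerable_join(BASE_DIR, p)!r:34} "
              f"hardened={hardened_join(BASE_DIR, p)!r}")
```

Running the block prints one line per input; only the rooted, driveless path slips through vulnerable_join, and hardened_join rejects every escape while still accepting the ordinary relative path.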

Affected Systems

The vulnerability affects the Gradio package from gradio-app:gradio, specifically any installation prior to version 6.7 running on Windows with Python 3.13 or higher.

Risk and Exploitability

With a CVSS base score of 7.5 and an EPSS of 2%, the vulnerability is rated high severity, although the probability of exploitation remains relatively low. It is not listed in the CISA KEV catalog. The likely attack vector is interaction with the Gradio interface, such as its exposed API endpoints; this is inferred from the described flaw in path sanitization rather than stated in the advisory. The flaw allows reading any file accessible to the Gradio process, even when authentication is enabled, and does not require elevated privileges on the target machine.

Generated by OpenCVE AI on April 18, 2026 at 10:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Gradio to version 6.7 or later, which contains the path sanitization fix.
  • If an upgrade is not immediately possible, isolate Gradio from the network or remove any file-access endpoints, or run the app on a Python version earlier than 3.13, where the change to os.path.isabs does not apply.
  • Ensure that Gradio deployments restrict file operations to a dedicated sandbox directory and enforce strict access controls; note that authentication alone does not mitigate this vulnerability.

Advisories
Source: GitHub GHSA
ID: GHSA-39mp-8hj3-5c49
Title: Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
History

Thu, 05 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Gradio Project
Gradio Project gradio
Weaknesses CWE-22
CPEs cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*
Vendors & Products Gradio Project
Gradio Project gradio

Mon, 02 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Mon, 02 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Gradio-app
Gradio-app gradio
Vendors & Products Gradio-app
Gradio-app gradio

Fri, 27 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
Description Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.
Title Gradio has Absolute Path Traversal on Windows with Python 3.13+
Weaknesses CWE-36
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-02T22:02:17.902Z

Reserved: 2026-02-27T15:33:57.289Z

Link: CVE-2026-28414

Vulnrichment

Updated: 2026-03-02T22:02:13.080Z

NVD

Status : Analyzed

Published: 2026-02-27T22:16:24.330

Modified: 2026-03-05T13:09:59.390

Link: CVE-2026-28414

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:15:25Z

Weaknesses