Description
Gradio before 6.16.0 contains a path traversal vulnerability in the FileExplorer component's preprocess() method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide crafted path segments that cause os.path.join to discard the root_dir prefix entirely, resulting in arbitrary file read or exposure of sensitive files outside the intended directory.
Published: 2026-07-01
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Gradio versions before 6.16.0 contain a path traversal flaw in the FileExplorer component's preprocess() method. The misuse of os.path.join allows an attacker to supply crafted path segments, including directory traversal sequences or absolute paths, that cause the library to discard the configured root directory. Consequently, an unauthenticated attacker can read any file on the host that the Gradio process can access, exposing sensitive data or system files. This vulnerability is classified as CWE-22. The impact is a loss of data confidentiality and possible system compromise.

Affected Systems

The affected product is Gradio, the open-source machine-learning interface library. Any deployment of Gradio earlier than version 6.16.0 that uses the FileExplorer component is vulnerable. All releases earlier than 6.16.0 are affected; the fix shipped in the 6.16.0 tag.

Risk and Exploitability

The flaw can be triggered without authentication by sending a specially crafted request to the FileExplorer endpoint. The CVSS vector records a network attack vector with no privileges or user interaction required, so any network-reachable instance is exposed. The CVSS score of 8.7 indicates high severity; no EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. Exploitation would allow reading arbitrary files, which could lead to disclosure of credentials or other sensitive information. The risk is therefore high for any exposed Gradio service using the vulnerable component.

Generated by OpenCVE AI on July 1, 2026 at 21:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Gradio to version 6.16.0 or later.
  • If an upgrade is not possible at the moment, remove or disable the FileExplorer component from the application or restrict access to trusted users only.
  • Implement input validation for file paths in the application to reject absolute paths and directory traversal sequences before they reach os.path.join.
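As an added example, not Gradio's own code: the os.path.join pattern the description refers to, beside a hardened join that applies the validation recommended above (reject absolute segments and traversal, then confirm the normalised path is still under the root). ROOT_DIR and the segment values are constructed for illustration.

```python
import os

# Constructed root directory standing in for a FileExplorer root_dir
# (example only, not Gradio's code).
ROOT_DIR = "/srv/app/data"


def naive_join(root_dir, segments):
    """The pattern the advisory describes: os.path.join discards root_dir
    as soon as a later segment is absolute, and '..' is never checked."""
    return os.path.normpath(os.path.join(root_dir, *segments))


def safe_join(root_dir, segments):
    """Validate every segment before os.path.join, then confirm the
    normalised result is still under root_dir. Raises ValueError otherwise."""
    for seg in segments:
        # Each segment must be a single, relative path component.
        if not seg or seg in (".", "..") or os.path.isabs(seg):
            raise ValueError(f"rejected segment: {seg!r}")
        if os.sep in seg or (os.altsep and os.altsep in seg) or "\0" in seg:
            raise ValueError(f"rejected segment: {seg!r}")
    root = os.path.normpath(os.path.abspath(root_dir))
    candidate = os.path.normpath(os.path.join(root, *segments))
    # Second line of defence: commonpath catches anything the per-segment
    # checks missed, including a sibling directory that merely shares
    # the root's string prefix (e.g. /srv/app/data2).
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes root_dir: {candidate}")
    return candidate


def is_safe(root_dir, segments):
    """Convenience wrapper for checks and tests: True if safe_join accepts."""
    try:
        safe_join(root_dir, segments)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for segs in (["reports", "q1.csv"], ["..", "secrets"], ["/outside/file"]):
        print(segs, "naive ->", naive_join(ROOT_DIR, segs),
              "| safe accepts:", is_safe(ROOT_DIR, segs))
```

The naive function shows the prefix being dropped; the hardened one rejects the same inputs before any filesystem access occurs.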

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 19:15:00 +0000

Type | Values Removed | Values Added
Description | | Gradio before 6.16.0 contains a path traversal vulnerability in the FileExplorer component's preprocess() method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide crafted path segments that cause os.path.join to discard the root_dir prefix entirely, resulting in arbitrary file read or exposure of sensitive files outside the intended directory.
Title | | Gradio < 6.16.0 Path Traversal via FileExplorer.preprocess()
Weaknesses | | CWE-22
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Metrics | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T18:34:45.639Z

Reserved: 2026-05-27T17:40:12.737Z

Link: CVE-2026-49119

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T21:15:05Z

Weaknesses
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')