Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 08 Jul 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials. | |
| Title | Gradio < 6.20.0 - Open Redirect and SSRF via /gradio_api/file= endpoint | |
| First Time appeared |
Gradio Project
Gradio Project gradio |
|
| Weaknesses | CWE-601 CWE-918 |
|
| CPEs | cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:* | |
| Vendors & Products |
Gradio Project
Gradio Project gradio |
|
| References |
|
|
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-08T19:43:32.730Z
Reserved: 2026-07-07T14:39:14.062Z
Link: CVE-2026-59806
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T22:15:08Z