Weak Hash Vulnerability in Gradio Audio Cache Key Handler by Gradio-App
CVE-2026-10783
Key Information:
- Vendor
Gradio-app
- Status
- Vendor
- CVE Published:
- 3 June 2026
Badges
What is CVE-2026-10783?
A security flaw has been identified in Gradio version 6.14.0, specifically within the 'save_audio_to_cache' function of the Audio Cache Key Handler component. This vulnerability allows an attacker with local access to manipulate the cache by exploiting the use of a weak hashing mechanism. The complexity of this attack is considered high, and even though it has been released to the public, its exploitability remains challenging. A patch has been provided as '13394' to mitigate this risk, and deployment of this patch is strongly recommended.
Affected Version(s)
gradio 6.14.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
