OAuth Redirection Vulnerability in Gradio by Gradio App
CVE-2026-28415

4.3 MEDIUM

Key Information:

Vendor: Gradio-app
Status: Vendor
CVE Published: 27 February 2026

What is CVE-2026-28415?

Gradio, an open-source Python package used for rapid prototyping, contains a vulnerability in its OAuth flow in versions prior to 6.6.0. The _redirect_to_target() function does not properly validate the _target_url query parameter, so the /logout and /login/callback endpoints of apps that use OAuth (for example, Hugging Face Spaces using gr.LoginButton) can be made to redirect users to unauthorized external URLs. Version 6.6.0 fixes this by sanitizing _target_url so that only its path, query and fragment are kept, stripping any scheme or host components.
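The following is an added example of the sanitization approach the fix describes, written here for illustration; it is not Gradio's own code, and the function name sanitize_target_url and the sample inputs are constructed for this example. It keeps only the path, query and fragment of a user-supplied redirect target and also handles protocol-relative ("//host") and backslash forms that browsers would otherwise treat as a host.

```python
from urllib.parse import urlsplit, urlunsplit


def sanitize_target_url(target_url: str, default: str = "/") -> str:
    """Reduce a user-supplied redirect target to a same-origin path.

    Only path, query and fragment survive; any scheme or host (netloc) is
    dropped so the value can never send the browser to another origin.
    Hypothetical implementation for this example, not Gradio's code.
    """
    if not target_url:
        return default

    # Browsers treat "\" like "/", so "/\host" would be parsed here as a
    # path but by the browser as "//host". Normalise before splitting.
    candidate = target_url.replace("\\", "/")
    parts = urlsplit(candidate)

    path = parts.path or default
    # A leading "//" in the path is protocol-relative (scheme-less host)
    # to a browser; collapse it down to a single slash.
    while path.startswith("//"):
        path = path[1:]
    if not path.startswith("/"):
        path = "/" + path

    # Empty scheme and netloc: the result is always a relative reference.
    return urlunsplit(("", "", path, parts.query, parts.fragment))


def check_cases() -> dict:
    # Constructed inputs: legitimate in-app targets and external lures.
    samples = [
        "/dashboard?tab=2#top",
        "https://evil.example/phish",
        "//evil.example/x?y=1#f",
        "/\\evil.example",
        "",
    ]
    return {s: sanitize_target_url(s) for s in samples}


if __name__ == "__main__":
    for raw, safe in check_cases().items():
        print(f"{raw!r:32} -> {safe!r}")
```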

Affected Version(s)

gradio < 6.6.0

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved