Path Traversal Vulnerability in Gradio Software by Gradio
CVE-2026-49119
8.7HIGH
What is CVE-2026-49119?
A path traversal vulnerability exists in Gradio's FileExplorer component's preprocess() method, allowing unauthenticated attackers to bypass the configured root directory. By supplying crafted path segments containing directory traversal sequences or absolute paths, attackers can manipulate the os.path.join function to discard the root_dir prefix. This flaw can result in unauthorized access to sensitive files, posing a significant risk to data integrity and privacy.
Affected Version(s)
gradio 0
