CVE-2026-27167
OAuth Token Exposure in Gradio via Mocked Login Routes
Publication date: 2026-02-27
Last updated on: 2026-03-05
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gradio_project | gradio | From 4.16.0 (inc) to 6.6.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
Can you explain this vulnerability to me?
This vulnerability affects Gradio, an open-source Python package used for quick prototyping. In versions starting from 4.16.0 up to but not including 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable mocked OAuth routes when OAuth components like gr.LoginButton are used.
When a user visits the /login/huggingface route, the server retrieves its own Hugging Face access token using huggingface_hub.get_token() and stores this token in the visitor's session cookie. Because the session cookie is signed with a hardcoded secret derived from the string "-v4", the payload can be easily decoded.
If the application is accessible over a network, a remote attacker can trigger this flow to steal the server owner's Hugging Face token.
This issue was fixed in version 6.6.0 of Gradio.
How can this vulnerability impact me? :
If your Gradio application is network-accessible and uses vulnerable versions, a remote attacker can exploit this vulnerability to steal your Hugging Face access token.
With the stolen token, the attacker could potentially access resources or perform actions on Hugging Face services with the privileges of the token owner.
Because the session cookie is signed with a hardcoded secret, the attacker can easily decode the token, making the attack straightforward.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in Gradio version 6.6.0. To mitigate this issue, you should upgrade your Gradio installation to version 6.6.0 or later.
Additionally, if upgrading immediately is not possible, consider restricting network access to the Gradio application to prevent remote attackers from triggering the OAuth token theft flow.