CVE-2026-28415
Received - Intake
Open Redirect in Gradio OAuth _redirect_to_target() Function

Publication date: 2026-02-27

Last updated on: 2026-03-05

Assigner: GitHub, Inc.

Description
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton). Starting in version 6.6.0, the _target_url parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host.
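The description above states the shape of the fix (keep only path, query and fragment of `_target_url`, drop scheme and host) but not the code. The following is an added, self-contained Python example, not Gradio's own implementation: a `vulnerable_redirect_target()` function that uses the parameter as-is, as the pre-6.6.0 behaviour is described, beside a `sanitize_target_url()` function that implements the described sanitization with `urllib.parse`. The backslash normalization and the collapsing of leading slashes are assumptions added here because browsers treat `\` as `/` in http(s) URLs and read a `Location: //host/...` value as protocol-relative; the page does not say whether Gradio handles those cases.

```python
from urllib.parse import urlsplit, urlunsplit

# Pre-6.6.0 behaviour as the advisory describes it (illustrative, not Gradio's code):
# whatever arrives in _target_url becomes the redirect Location unchanged.
def vulnerable_redirect_target(target_url: str) -> str:
    return target_url or "/"


# Hardened variant implementing the described fix: keep only path, query and
# fragment, so the Location header can never name another scheme or host.
def sanitize_target_url(target_url: str, default: str = "/") -> str:
    if not target_url:
        return default
    # Assumption beyond the advisory: browsers treat backslashes as forward
    # slashes in http(s) URLs, so normalise them before parsing.
    normalized = target_url.replace("\\", "/")
    parts = urlsplit(normalized)
    path = parts.path
    # A path starting with "//" would be read as protocol-relative (//host/...),
    # so collapse any run of leading slashes to a single one.
    if path.startswith("//"):
        path = "/" + path.lstrip("/")
    # Always redirect to an absolute path on the current origin.
    if not path.startswith("/"):
        path = "/" + path
    # Empty scheme and netloc: the result is a same-origin relative reference.
    return urlunsplit(("", "", path, parts.query, parts.fragment))


# Defender-side check usable in a test suite or a response filter: a Location
# value is same-origin only if it is a single-slash-rooted path.
def is_same_origin_location(location: str) -> bool:
    return location.startswith("/") and not location.startswith("//") \
        and "\\" not in location


if __name__ == "__main__":
    # Constructed sample values of the kind a _target_url parameter might carry.
    samples = [
        "/dashboard?tab=1#top",
        "https://evil.example/phish",
        "//evil.example/phish",
        "\\\\evil.example",
        "javascript:alert(1)",
        "",
    ]
    for s in samples:
        before = vulnerable_redirect_target(s)
        after = sanitize_target_url(s)
        print(f"{s!r:32} unvalidated={before!r:32} sanitized={after!r} "
              f"same_origin={is_same_origin_location(after)}")
```

Every sanitized value in the sample run is a same-origin path; an absolute URL loses its host entirely and becomes `/phish`, while a scheme-only value such as `javascript:alert(1)` degrades to the harmless path `/alert(1)`.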
Meta Information
Published
2026-02-27
Last Modified
2026-03-05
Generated
2026-05-07
AI Q&A
2026-02-28
EPSS Evaluated
2026-05-05
NVD
EUVD
Affected Vendors & Products
1 associated CPE
Vendor: gradio_project
Product: gradio
Version / Range: up to 6.6.0 (6.6.0 excluded)
Helpful Resources
Exploitability
CWE
KEV
CWE ID Description
CWE-330 The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Gradio Python package prior to version 6.6.0. The function _redirect_to_target() in Gradio's OAuth flow accepts a _target_url query parameter without proper validation. This allows an attacker to redirect users to arbitrary external URLs through the /logout and /login/callback endpoints on Gradio apps that have OAuth enabled.

Starting with version 6.6.0, the _target_url parameter is sanitized to only allow the path, query, and fragment components, removing any scheme or host information to prevent such arbitrary redirections.


How can this vulnerability impact me?

This vulnerability can lead to open redirect attacks, where users of affected Gradio applications may be redirected to malicious external websites without their consent.

Such redirections can be exploited for phishing attacks, tricking users into providing sensitive information or downloading malware, thereby compromising user trust and security.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade Gradio to version 6.6.0 or later, where the _target_url parameter is properly sanitized to prevent redirection to arbitrary external URLs.

