CVE-2026-28416
Received Received - Intake
SSRF Vulnerability in Gradio Allows Internal Network Access

Publication date: 2026-02-27

Last updated on: 2026-03-05

Assigner: GitHub, Inc.

Description
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim's infrastructure. Version 6.6.0 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-03-05
Generated
2026-06-16
AI Q&A
2026-02-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28416
EUVD
EUVD-2026-9084
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gradio_project gradio to 6.6.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Server-Side Request Forgery (SSRF) issue in the Gradio Python package before version 6.6.0. It allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When the victim application uses the function `gr.load()` to load this attacker-controlled Space, the malicious proxy URL from the configuration is trusted and added to an allowlist. This enables the attacker to access internal services, cloud metadata endpoints, and private networks through the victim's infrastructure.

Impact Analysis

The vulnerability can have serious impacts including unauthorized access to internal services and sensitive data within the victim's network. An attacker can exploit this flaw to reach cloud metadata endpoints and private networks, potentially leading to information disclosure or further attacks within the victim's infrastructure.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, upgrade Gradio to version 6.6.0 or later, where the SSRF issue has been fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28416. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart