CVE-2026-10783
Analyzed Analyzed - Analysis Complete
Use of Weak Hash in Gradio 6.14.0 Audio Cache Key Handler

Publication date: 2026-06-04

Last updated on: 2026-06-10

Assigner: VulDB

Description
A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The patch is named 13394. To fix this issue, it is recommended to deploy a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-10
Generated
2026-06-16
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-14
NVD
CVE-2026-10783
EUVD
EUVD-2026-34187
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gradio_project gradio 6.14.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-328 The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Gradio version 6.14.0 affects the function save_audio_to_cache within the Audio Cache Key Handler component. The issue arises because the cache key is generated using only the raw audio bytes, ignoring important metadata such as sample rate, format, data type, and shape. As a result, different audio outputs that share the same raw bytes but differ in metadata are incorrectly cached under the same key. This can cause incorrect behavior when retrieving cached audio files.

The vulnerability is considered to have high complexity and requires local access to exploit. Although the exploitability is difficult, the exploit has been publicly released. The problem was fixed by updating the cache key generation to include both raw audio bytes and relevant metadata, ensuring unique cache keys for different audio outputs.

Impact Analysis

This vulnerability can lead to incorrect caching behavior in Gradio's audio processing. Specifically, audio files with identical raw data but different metadata might be treated as the same cached file. This can cause the application to return incorrect or unexpected audio outputs, potentially disrupting functionality or user experience.

Since the attack requires local access and has high complexity, the direct security impact is limited. However, the incorrect cache reuse could cause confusion or errors in applications relying on accurate audio processing and caching.

Detection Guidance

This vulnerability is related to the internal caching mechanism of the Gradio application, specifically in the save_audio_to_cache function handling audio metadata. Detection involves verifying if the affected version of Gradio (6.14.0) is in use and if the cache key generation ignores audio metadata, causing different audio files with identical raw bytes but different metadata to share the same cache directory.

Since the vulnerability is local and related to application behavior rather than network traffic, detection commands would focus on checking the Gradio version and inspecting the cache directory behavior.

  • Check Gradio version installed: `pip show gradio` or `gradio --version`
  • Inspect the audio cache directory for unexpected file overlaps or conflicts.
  • Run a test script that saves audio files with identical raw bytes but different metadata (e.g., sample rate, format) and observe if they are cached in the same directory, indicating the vulnerability.
Mitigation Strategies

The primary mitigation step is to apply the patch provided in the pull request 13394 for Gradio. This patch updates the save_audio_to_cache function to include audio metadata in the cache key derivation, preventing incorrect cache reuse.

Until the patch is applied, avoid relying on the audio cache feature for critical applications or manually clear the audio cache to prevent incorrect audio file reuse.

  • Update Gradio to a version that includes the patch from pull request 13394.
  • If updating is not immediately possible, consider disabling or bypassing the audio cache functionality.
  • Monitor for any unusual audio processing behavior that might indicate cache conflicts.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10783. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart