CVE-2026-59806
Received Received - Intake

Open Redirect and SSRF in Gradio via Unvalidated File Fetch

Vulnerability report for CVE-2026-59806, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: VulnCheck

Description

Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
gradio gradio to 6.20.0 (exc)
gradio gradio 6.15.2
gradio gradio 6.20.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not explicitly discuss the impact of CVE-2026-59806 on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-59806 is a security vulnerability in Gradio versions before 6.20.0 involving an open redirect and server-side request forgery (SSRF) via the /gradio_api/file= endpoint.

Attackers can supply unvalidated HTTP or HTTPS URLs to the file_fetch() function, causing the server to redirect users to arbitrary URLs or perform client-side SSRF.

This allows attackers to craft malicious responses that target internal endpoints, such as cloud metadata services, to steal sensitive credentials like EC2 IAM role credentials.

Impact Analysis

This vulnerability can impact you by enabling attackers to redirect users to malicious websites, potentially facilitating phishing attacks.

Additionally, it can be exploited to perform client-side SSRF attacks that access internal cloud metadata services, allowing attackers to retrieve sensitive credentials such as AWS EC2 IAM role credentials.

Such credential theft can lead to unauthorized access to cloud resources and further compromise of your infrastructure.

Detection Guidance

This vulnerability can be detected by testing the /gradio_api/file= endpoint for open redirect and SSRF behavior. One common method is to use curl commands to submit HTTP or HTTPS URLs as parameters and observe if the server redirects or fetches the URLs without validation.

  • Use curl to test open redirect by sending a request like: curl -v "http://<target>/gradio_api/file=https://evil.com/phishing" and check if the server redirects to the supplied URL.
  • Test for SSRF by attempting to access internal metadata services, for example: curl -v "http://<target>/gradio_api/file=http://169.254.169.254/latest/meta-data/" and observe if the server fetches or redirects to internal IPs.

Detection involves verifying if the endpoint improperly redirects or fetches unvalidated URLs, which can be confirmed by monitoring the server's response and network traffic.

Mitigation Strategies

The immediate mitigation step is to upgrade Gradio to version 6.20.0 or later, where this vulnerability has been fixed by replacing the open redirect with a secure SSRF-safe streaming proxy.

  • Upgrade Gradio to version 6.20.0 or newer.
  • If upgrading is not immediately possible, restrict access to the /gradio_api/file= endpoint to trusted users or networks to reduce exposure.
  • Implement network-level controls to block outgoing requests to internal metadata IP addresses (e.g., 169.254.169.254) from the Gradio server.

The fix in version 6.20.0 includes validating that URLs resolve to public IPs, blocking non-public hosts, pinning resolved IPs to prevent DNS rebinding, and streaming content server-side instead of redirecting, which collectively mitigate open redirect and SSRF risks.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59806. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart