CVE-2024-1728
Published: 10 April 2024
Summary
CVE-2024-1728 is a high-severity Path Traversal (CWE-22) vulnerability in Gradio Project Gradio. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 0.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain.
Deeper analysis
Gradio-app/gradio contains a path traversal vulnerability (CWE-22) in the UploadButton component that stems from missing validation of user-supplied file paths. An unauthenticated attacker can supply a crafted path in requests to the /queue/join endpoint, causing the application to read or write files anywhere on the server filesystem, including sensitive files such as SSH private keys. The issue affects the handling of upload destinations and carries a CVSS 3.1 base score of 7.5.
Because the vulnerability is reachable without authentication or user interaction, an attacker who can reach a Gradio server can leverage it to exfiltrate arbitrary files and, under certain configurations, achieve remote code execution by placing attacker-controlled content in locations that are later executed.
Public references point to a fix merged in commit 16fbe9cd0cffa9f2a824a0165beb43446114eec7; administrators should update to a patched release that enforces proper path sanitization for uploaded files.
The CVE’s EPSS score has reached a peak of 0.8904 and currently stands at 0.8509, indicating sustained and substantial exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-1079
Vulnerability details
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the…
more
file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Gradio is a Python library for creating web interfaces and demos for machine learning models, commonly used in AI/ML deployment workflows, fitting under Other Platforms as it supports model serving and interaction.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
LFI in public-facing Gradio web app (T1190) enables reading arbitrary local files (T1005), including credentials in files and private SSH keys (T1552.001, T1552.004).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.