CVE-2026-28414
Published: 27 February 2026
Summary
CVE-2026-28414 is a high-severity Absolute Path Traversal (CWE-36) vulnerability in Gradio (vendor: Gradio Project). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 12.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): upgrading Gradio to version 6.7 corrects the path-joining logic and directly eliminates the absolute path traversal introduced by the Python 3.13+ change to `os.path.isabs`.
SI-10 (Information Input Validation): validating file path inputs against root-relative and `..` traversal patterns, independently of `os.path.isabs`, prevents unauthenticated attackers from reading arbitrary files on the Windows file system.
Enforcing least privilege on the Gradio process limits access to sensitive files like win.ini, reducing the impact of successful path traversal exploits.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in a public-facing Gradio web app directly enables T1190 (Exploit Public-Facing Application) for unauthenticated remote file access, and the resulting arbitrary local file reads on the server map to T1005 (Data from Local System).
NVD Description
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.
Deeper analysis
CVE-2026-28414 is an absolute path traversal vulnerability (CWE-36, CWE-22) affecting Gradio, an open-source Python package for quick prototyping, in versions prior to 6.7. The issue impacts Gradio apps running on Windows with Python 3.13 or later, stemming from a change in Python 3.13+'s `os.path.isabs` function, which no longer treats root-relative paths like `/windows/win.ini` as absolute on Windows. This flaw undermines Gradio's path-joining logic intended to prevent unsafe path operations, with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Unauthenticated attackers can exploit this vulnerability over the network with low complexity and no privileges required. By crafting requests with root-relative paths, they can traverse directories and read arbitrary files from the Gradio server's file system, bypassing any authentication configured on the Gradio app.
The Gradio security advisory at https://github.com/gradio-app/gradio/security/advisories/GHSA-39mp-8hj3-5c49 details the issue and confirms that upgrading to version 6.7 resolves the vulnerability by addressing the path validation logic.
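The two passages above (the NVD description and the deeper analysis) both turn on one point: a path check that relies on `os.path.isabs` gives a different answer for root-relative input such as `/windows/win.ini` on Python 3.13+ than it did before. The following is an added example, not Gradio's own code and not the patched logic from the advisory. It places a deliberately fragile `isabs`-based join beside a hardened join that never consults `isabs`: it treats any drive, UNC or root-relative component as rooted and then verifies that the normalised result stays inside the base directory, which also stops `..` traversal. `ntpath` is used so the Windows semantics can be exercised on any operating system; `BASE_DIR`, the function names and the sample inputs are constructed for illustration.

```python
import sys
import ntpath

# Constructed sample root directory and inputs (Windows-style paths); these are
# illustrative values, not taken from the Gradio advisory or code base.
BASE_DIR = r"C:\app\data"

# Python 3.13 changed ntpath.isabs: a path starting with exactly one slash or
# backslash (root-relative, no drive) is no longer reported as absolute.
PY313_PLUS = sys.version_info >= (3, 13)


def is_rooted(user_path, pathmod=ntpath):
    """True for any component that would reset the join root under Windows
    path rules: a drive ("C:"), a UNC share (two leading backslashes) or a
    root-relative path (one leading slash or backslash).
    Deliberately avoids isabs(), whose answer changed in Python 3.13."""
    drive, rest = pathmod.splitdrive(user_path)
    return bool(drive) or rest[:1] in ("\\", "/")


def naive_safe_join(base, user_path, pathmod=ntpath):
    """Fragile pattern: trust isabs() to reject rooted input, then join.
    Before 3.13 ntpath.isabs('/windows/win.ini') is True; from 3.13 it is
    False, and ntpath.join then replaces the base path with the rooted one,
    keeping only the drive letter (C:\\windows\\win.ini)."""
    if pathmod.isabs(user_path):
        raise ValueError("rooted path rejected")
    return pathmod.normpath(pathmod.join(base, user_path))


def hardened_safe_join(base, user_path, pathmod=ntpath):
    """Reject rooted input without isabs(), then verify that the normalised
    result is contained in base. The containment check catches both the
    root-relative case and ordinary '..' traversal."""
    if is_rooted(user_path, pathmod):
        raise ValueError("rooted path rejected")
    base_n = pathmod.normcase(pathmod.normpath(base))
    candidate = pathmod.normpath(pathmod.join(base, user_path))
    candidate_n = pathmod.normcase(candidate)
    if candidate_n != base_n and not candidate_n.startswith(base_n + pathmod.sep):
        raise ValueError("path escapes base directory")
    return candidate


def is_safe(base, user_path, pathmod=ntpath):
    """Boolean view of hardened_safe_join for policy checks and tests."""
    try:
        hardened_safe_join(base, user_path, pathmod)
        return True
    except ValueError:
        return False


def naive_accepts(base, user_path, pathmod=ntpath):
    """Whether the fragile check lets this input through. For root-relative
    input the answer depends on the interpreter version running this code."""
    try:
        naive_safe_join(base, user_path, pathmod)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    samples = [
        r"reports\q1.csv",          # legitimate relative file
        "/windows/win.ini",         # root-relative: isabs() differs across versions
        r"..\..\windows\win.ini",   # classic dot-dot traversal
        r"\\srv\share\secret.txt",  # UNC share
    ]
    print(f"Python {sys.version_info.major}.{sys.version_info.minor}")
    for s in samples:
        print(f"{s!r:30} naive accepts={naive_accepts(BASE_DIR, s)!s:5} "
              f"hardened accepts={is_safe(BASE_DIR, s)}")
```

Running the block on Python 3.12 and again on 3.13 shows the naive column flip for `/windows/win.ini` while the hardened column stays `False`; the containment check is what makes the result independent of the interpreter's notion of "absolute".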
Details
- CWE(s)