Cyber Resilience

CVE-2026-28414

Severity: High · Public PoC

Published: 27 February 2026
Modified: 05 March 2026
KEV Added: not listed
Patch: fixed in Gradio 6.7 (see advisory below)
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0421 (89.0th percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-28414 is a high-severity Absolute Path Traversal (CWE-36) vulnerability in Gradio (vendor: Gradio Project). Its CVSS base score is 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 11.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is classed as AI-related: AI category LLM Application Platforms, risk domain Privacy and Disclosure.

The strongest mitigations our analysis identified are the NIST SP 800-53 controls SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Gradio, an open-source Python package for quick prototyping, contains an absolute path traversal vulnerability in versions prior to 6.7 when running on Windows under Python 3.13 and later. The root cause is a behavioral change in os.path.isabs that treats root-relative paths such as /windows/win.ini as non-absolute, defeating Gradio's path-joining safeguards and enabling unauthorized file reads from the underlying filesystem.

Unauthenticated remote attackers can exploit the flaw over the network to retrieve arbitrary files, including sensitive configuration or data files, even when Gradio authentication is enabled. The vulnerability carries a CVSS 3.1 base score of 7.5, reflecting a network attack vector, low attack complexity, and high confidentiality impact, and is tracked under CWE-22 and CWE-36.

The referenced Gradio security advisory GHSA-39mp-8hj3-5c49 states that the issue is resolved in version 6.7; practitioners should upgrade promptly and verify that no deployed instance still runs an affected Gradio version on Windows with Python 3.13 or later.

The associated EPSS score has remained flat at 0.0421 with no material rise since disclosure.

Vulnerability details

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.
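The root cause described above (and in Deeper analysis), as an added example that is not Gradio's code: a guard that relies on `isabs()` to reject escaping input, beside a containment check that inspects the joined result instead. `ntpath` is used directly so the Windows path rules are reproduced on any OS; `BASE_DIR` and the probe strings are constructed.

```python
import ntpath
import posixpath

# Constructed served directory; ntpath is used directly so the Windows
# path rules are reproduced on any OS.
BASE_DIR = r"C:\app\allowed"

# True on Python 3.12 and earlier, False on 3.13+ (the change the advisory describes).
ROOT_RELATIVE_IS_ABSOLUTE = ntpath.isabs("/windows/win.ini")


def isabs_guarded_join(base_dir: str, user_path: str):
    """Deny-list style guard (hypothetical simplification, not Gradio's code).

    Rejects inputs that isabs() calls absolute or that climb out with '..',
    then joins. Returns the joined path, or None when rejected.
    """
    norm = posixpath.normpath(user_path)
    if ntpath.isabs(user_path) or norm == ".." or norm.startswith("../"):
        return None
    # On 3.13+ "/windows/win.ini" passes the guard; join() then replaces the
    # directory part of base_dir while keeping its drive: C:\windows\win.ini.
    return ntpath.normpath(ntpath.join(base_dir, norm))


def contained_join(base_dir: str, user_path: str):
    """Containment check: join first, then prove the result is inside base_dir.

    Does not depend on what isabs() says about the input, because it only
    inspects the joined, normalized result. Returns the path or None.
    """
    base = ntpath.normpath(base_dir)
    candidate = ntpath.normpath(ntpath.join(base, user_path))
    try:
        common = ntpath.commonpath([base, candidate])
    except ValueError:
        return None  # different drive letter or UNC share: cannot be inside
    if ntpath.normcase(common) != ntpath.normcase(base):
        return None  # escaped via root-relative input or '..'
    if ntpath.normcase(candidate) == ntpath.normcase(base):
        return None  # the directory itself is not a servable file
    return candidate


if __name__ == "__main__":
    probes = ("reports/q1.txt", "../../windows/win.ini", "/windows/win.ini", r"D:\other\x")
    for probe in probes:
        print(f"{probe!r:26} guard={isabs_guarded_join(BASE_DIR, probe)!r:34} "
              f"contained={contained_join(BASE_DIR, probe)!r}")
```

Run under Python 3.12 and 3.13 to see the guard's verdict on `/windows/win.ini` flip while the containment check rejects it on both.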

CWE(s)

CWE-22 (Path Traversal), CWE-36 (Absolute Path Traversal)

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: matched keywords: gradio

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Path traversal in a public-facing Gradio web app directly enables T1190 (unauthenticated remote exploitation for file access) and facilitates T1005 (arbitrary local file reads on the server).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-23042 (same product: Gradio Project Gradio)
CVE-2026-28416 (same product: Gradio Project Gradio)
CVE-2025-12824 (shared CWE-22)
CVE-2026-25965 (shared CWE-22)
CVE-2025-30567 (shared CWE-22)
CVE-2025-27098 (shared CWE-22)
CVE-2024-55457 (shared CWE-22)
CVE-2026-35485 (shared CWE-22)
CVE-2024-54909 (shared CWE-22)
CVE-2026-3405 (shared CWE-22)

Affected Assets

Vendor: gradio project
Product: gradio
Versions: ≤ 6.7.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2 Flaw Remediation): Remediating the Gradio path-joining flaw by upgrading to version 6.7 directly eliminates the absolute path traversal vulnerability caused by Python 3.13+ changes.

prevent (SI-10 Information Input Validation): Validating file path inputs against root-relative and traversal patterns prevents unauthenticated attackers from reading arbitrary files on the Windows file system.

prevent: Enforcing least privilege on the Gradio process limits access to sensitive files like win.ini, reducing the impact of successful path traversal exploits.
