FixVibe
Covered by FixVibehigh

Gradio Absolute Path Traversal on Windows with Python 3.13+ (CVE-2026-28414)

Gradio versions before 6.7.0 can expose a path traversal risk on Windows with Python 3.13+. FixVibe now flags affected dependency evidence in GitHub repo scans and raises confidence when repo configuration also shows the Windows/Python runtime preconditions.

CVE-2026-28414GHSA-39mp-8hj3-5c49CWE-22CWE-36

FixVibe now covers this issue with a static GitHub repo check. Gradio versions before 6.7.0 are affected by CVE-2026-28414 / GHSA-39mp-8hj3-5c49 when the app runs on Windows with Python 3.13 or newer [S1, S2]. Advisory sources list CWE-22 and CWE-36 path traversal, high severity, and Gradio 6.7.0 as the patched release [S1, S3].

Why it matters

Gradio apps often handle generated files, uploaded assets, model outputs, and shareable UI resources. When the affected dependency and runtime conditions line up, the file-serving boundary can expose files that the Gradio process can access. That can turn a demo or internal tool into a sensitive-file exposure path, especially when secrets, configuration, or model artifacts live on the same host [S2, S3].

Covered by FixVibe

FixVibe GitHub repo scans now include code.gradio-path-traversal-cve-2026-28414, a passive repository advisory check for this CVE. The check reads authorized repo snapshots for Python dependency evidence in files such as requirements.txt, pyproject.toml, poetry.lock, Pipfile, Pipfile.lock, and setup.py. It reports Gradio versions that can resolve below 6.7.0 as dependency evidence.

Because the advisory depends on runtime context, FixVibe also looks for strong Windows and Python 3.13+ indicators in repository configuration such as Dockerfiles, GitHub Actions workflows, Python version files, and project config. A vulnerable dependency alone is reported as a version-based advisory. A vulnerable dependency plus both Windows and Python 3.13+ repository indicators is reported with higher confidence.

This check is static-only. It does not run Python or Gradio, request Gradio file-serving routes, send traversal input, read files, bypass authentication, inspect production filesystem contents, or claim live arbitrary file read. It gives teams patch-triage evidence and runtime-context clues, not exploit confirmation.

What to fix

Upgrade Gradio to 6.7.0 or newer in the dependency source that controls deployment, then regenerate the active lockfile or constraints file. Rebuild every Gradio app, worker, notebook, virtualenv, package cache, Windows host, or container image that can install the affected wheel. If the app is deployed on Windows with Python 3.13 or newer, prioritize that rollout and verify the deployed runtime version after rebuild [S2, S4].

Keep Gradio sharing and file-serving surfaces limited to intended users and trusted networks while the upgrade rolls out. If an affected deployment was exposed, review access logs and host/file permissions using normal operational review rather than proof-of-exploit requests.

How to verify safely

Use dependency-tree and runtime-version checks such as pip show gradio, pip freeze, poetry show gradio, pipenv graph, or a package-manager equivalent. For deployed Windows/Python 3.13+ environments, verify the actual OS image or runner, Python version, rebuilt artifact, and Gradio version. Then rerun the FixVibe GitHub repo scan.

Do not verify by requesting file-serving routes with traversal input, reading system files, collecting secrets, or adding exploit fixtures to tests, tickets, docs, or examples.

Gradio Absolute Path Traversal on Windows with Python 3.13+ (CVE-2026-28414) β€” FixVibe research Β· FixVibe