gradio is vulnerable to URL Redirection to Untrusted Site ('Open Redirect')
Medium Risk
Gradio OAuth logout and login callback flows sanitize _target_url by taking only urlparse(...).path, but urlparse leaves four or more leading slashes in .path. An attacker can supply ////evil.com/foo so the response Location header becomes a scheme-relative URL that browsers resolve to an external host. This bypasses the CVE-2026-28415 fix shipped in 6.6.0 for apps using OAuth components such as gr.LoginButton. The fix collapses leading slashes and backslashes so redirects stay on the local path.
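The bypass and the fix described above, as an added illustration that is not Gradio's own code: the function names are constructed for this example, and the sample inputs are constructed, not taken from a real request.

```python
from urllib.parse import urljoin, urlparse


def naive_target(target_url: str) -> str:
    """The pre-fix pattern from the advisory: keep only urlparse(...).path.

    urlparse only consumes a netloc when the string starts with exactly
    two slashes, so four or more leading slashes leave a path that still
    begins with '//', i.e. a scheme-relative URL once it lands in Location.
    """
    return urlparse(target_url).path


def safe_target(target_url: str) -> str:
    """Collapse leading slashes and backslashes so the result is always a
    single-slash local path; an empty path falls back to the app root.
    Backslashes are included because browsers treat '\\' like '/' in
    http(s) URLs, so '/\\evil.com' would also resolve off-host."""
    path = urlparse(target_url).path
    return "/" + path.lstrip("/\\")


def is_local_redirect(location: str) -> bool:
    """Conservative defender-side check to run before setting Location:
    a single leading slash not followed by '/' or '\\' is same-origin."""
    return location.startswith("/") and location[1:2] not in ("/", "\\")


def redirect_host(app_base: str, location: str) -> str:
    """Host a standards-following resolver sends the user to.
    (urljoin does not model the browser's backslash handling, so only
    use it to demonstrate the slash case.)"""
    return urlparse(urljoin(app_base, location)).netloc


if __name__ == "__main__":
    base = "https://app.example/"          # constructed app origin
    probe = "////evil.com/foo"             # constructed sample input
    print(naive_target(probe), "->", redirect_host(base, naive_target(probe)))
    print(safe_target(probe), "->", redirect_host(base, safe_target(probe)))
```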
You are affected if you are using a version that falls within the vulnerable range and your app enables OAuth (for example with gr.LoginButton on Hugging Face Spaces).
gradio is vulnerable to URL Redirection to Untrusted Site ('Open Redirect') in versions 6.6.0 - 6.15.2.
Upgrade the gradio library to the patched version.