<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Gradio &lt; 6.20.0 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/gradio--6.20.0/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 08 Jul 2026 20:19:41 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/gradio--6.20.0/feed.xml" rel="self" type="application/rss+xml"/><item><title>Gradio Open Redirect and Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-59806)</title><link>https://feed.craftedsignal.io/briefs/2026-07-gradio-open-redirect-ssrf/</link><pubDate>Wed, 08 Jul 2026 20:19:41 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-gradio-open-redirect-ssrf/</guid><description>Gradio versions before 6.20.0 contain an open redirect and server-side request forgery (SSRF) vulnerability, CVE-2026-59806, allowing attackers to redirect users or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the `/gradio_api/file=` endpoint, potentially leading to the retrieval of sensitive credentials, such as EC2 IAM role credentials.</description><content:encoded><![CDATA[<p>A critical vulnerability, CVE-2026-59806, affects Gradio installations prior to version 6.20.0, exposing them to both open redirect and server-side request forgery (SSRF) attacks. This flaw resides within the <code>file_fetch()</code> function, accessible via the <code>/gradio_api/file=</code> endpoint, which fails to properly validate user-supplied HTTP/HTTPS URLs. Threat actors can leverage this vulnerability to craft malicious requests that either redirect users to arbitrary external websites or compel the Gradio server to make requests to internal network resources. The most severe consequence of the SSRF aspect is the potential to target cloud metadata services, such as AWS EC2 instance metadata, enabling attackers to retrieve highly sensitive credentials like IAM role access keys. This access can then be used to escalate privileges, exfiltrate data, or deploy further malicious infrastructure within compromised cloud environments.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker identifies a Gradio application running a version prior to 6.20.0, potentially through automated scanning or reconnaissance.</li>
<li>The attacker crafts a malicious HTTP GET or POST request targeting the <code>/gradio_api/file=</code> endpoint of the vulnerable Gradio application.</li>
<li>Within the request, the attacker includes a specially crafted <code>FileData</code> parameter containing an unvalidated HTTP or HTTPS URL as input to the <code>file_fetch()</code> function.</li>
<li>For an open redirect attack, the attacker supplies an arbitrary external URL (e.g., <code>https://malicious-site.com/phish</code>).</li>
<li>For an SSRF attack, the attacker supplies an internal endpoint URL (e.g., <code>http://169.254.169.254/latest/meta-data/iam/security-credentials/</code>) to access cloud metadata services.</li>
<li>The vulnerable Gradio server processes the request, internally making an HTTP request to the attacker-supplied URL without sufficient validation.</li>
<li>If the SSRF is successful against a cloud metadata service, the server retrieves sensitive data, such as EC2 IAM role credentials.</li>
<li>The Gradio server then returns the response containing the sensitive credentials or redirection instruction to the attacker through the original <code>FileData</code> response, achieving credential theft or user redirection.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-59806 can lead to significant compromise. In the case of an open redirect, users interacting with the Gradio application can be involuntarily redirected to malicious phishing sites, leading to credential harvesting or malware downloads. More critically, the SSRF capability allows attackers to bypass network segmentation and access internal services that are not directly exposed to the internet. This includes highly sensitive cloud metadata APIs (e.g., AWS EC2), which can yield temporary IAM credentials. Compromise of these credentials enables attackers to assume roles, gain access to cloud resources, exfiltrate data from cloud storage, modify cloud configurations, or launch further attacks within the cloud environment. The overall risk is a complete takeover of cloud instances and associated data.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch Gradio to version 6.20.0 or later immediately to remediate CVE-2026-59806 as specified in the references.</li>
<li>Implement web application firewall (WAF) rules to detect and block suspicious requests to the <code>/gradio_api/file=</code> endpoint containing known cloud metadata service IP addresses or internal network ranges in URL parameters.</li>
<li>Deploy the Sigma rule below to your SIEM solution to detect attempts to exploit CVE-2026-59806 via SSRF by monitoring webserver logs.</li>
<li>Review network segmentation and apply strict egress filtering to prevent Gradio applications from initiating connections to internal cloud metadata services or other sensitive internal IP ranges.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>web-vulnerability</category><category>ssrf</category><category>open-redirect</category><category>credential-access</category><category>cloud</category><category>gradio</category></item></channel></rss>