PatchSiren cyber security CVE debrief
CVE-2026-48545 gradio-app CVE debrief
Gradio versions prior to 6.15.0 contain a session fixation vulnerability stemming from a shared module-level HTTP client in the reverse proxy endpoint. The shared client stores cookies returned by any Hugging Face Space and automatically replays them into subsequent proxy requests to other Spaces, enabling cross-Space session fixation. An attacker controlling a malicious Space can inject a parent-domain cookie that persists across all users of the same Gradio deployment, potentially hijacking sessions in legitimate Spaces. The vulnerability is classified as CWE-384 (Session Fixation) and carries a HIGH severity CVSS score of 7.6. The issue was disclosed to the Gradio maintainers, addressed in version 6.15.0, and assigned CVE-2026-48545. Organizations running Gradio deployments should upgrade to 6.15.0 or later and review proxy configurations for shared state isolation.
- Vendor: gradio-app
- Product: gradio
- CVSS: HIGH 7.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
Organizations operating Gradio deployments, particularly those exposing reverse proxy functionality to multiple Spaces or untrusted Space authors. Security teams monitoring for session fixation vulnerabilities in ML/AI infrastructure platforms. Developers building multi-tenant applications on Gradio who rely on proxy isolation between Spaces.
Technical summary
The vulnerability exists in Gradio's reverse proxy endpoint, which uses a module-level shared HTTP client (httpx.AsyncClient) for all outbound requests. When proxying requests to Hugging Face Spaces, the shared client automatically stores and replays cookies, including those with parent-domain scope. An attacker controlling any Space can return a Set-Cookie header with a parent-domain cookie that the shared client persists. This cookie is then automatically included in all subsequent proxy requests to other Spaces, enabling session fixation attacks against users of legitimate Spaces. The fix in 6.15.0 isolates cookie handling per request or session, preventing cross-Space cookie contamination.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Gradio to version 6.15.0 or later to obtain the fix for the shared HTTP client cookie handling vulnerability.
- Review reverse proxy configurations to ensure HTTP client instances are not shared across user sessions or Spaces.
- Audit deployed Gradio instances for signs of unauthorized session fixation or anomalous cookie injection in proxy logs.
- If immediate patching is not feasible, consider isolating Spaces at the network or deployment level to prevent cross-Space cookie propagation.
Evidence notes
Vulnerability disclosed via VulnCheck advisory; confirmed by Gradio maintainers through GitHub issue #13369 and resolved in PR #13384. Fix commit feb7237d01f359d2ad4ee42d00344e61692b3b39 released in gradio 6.15.0.
Official resources
2026-05-27