PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59806 gradio-app CVE debrief

CVE-2026-59806 is an open redirect and server-side request forgery vulnerability in Gradio before 6.20.0. The vulnerability allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Affected product deployments should be reviewed for exposure, and owners should be assigned for follow-up. The vulnerability has a CVSS score of 4.9 and a severity of MEDIUM.

Vendor
gradio-app
Product
gradio
CVSS
MEDIUM 4.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-10
Advisory published
2026-07-08
Advisory updated
2026-07-10

Who should care

Users of Gradio before version 6.20.0 should be aware of this vulnerability and take steps to mitigate it. Affected operator teams, platform administrators, vulnerability management teams, and security teams should review the vulnerability and implement necessary controls to prevent exploitation.

Technical summary

The vulnerability exists in the file_fetch() function in the /gradio_api/file= endpoint of Gradio before 6.20.0. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials, including EC2 IAM role credentials. The vulnerability allows for client-side SSRF and open redirects, which can be used to retrieve sensitive information or perform further attacks.

Defensive priority

Medium

Recommended defensive actions

  • Upgrade Gradio to version 6.20.0 or later
  • Validate and sanitize user input to the file_fetch() function
  • Implement additional security measures to protect against SSRF attacks
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-08T20:16:56.973Z and has not been modified since then. The NVD entry is currently Deferred. The Gradio project has a known vulnerability in versions before 6.20.0. Evidence of exploitation is limited, and defenders should verify affected deployments. The vulnerability allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T20:16:56.973Z and has not been modified since then. The NVD entry is currently Deferred.