Bug 2443453 (CVE-2026-28416)

Summary: CVE-2026-28416 Gradio: Server-Side Request Forgery allows access to internal services via malicious Space loading
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: high
Priority: high
Version: unspecified
CC: jwong, omaciel, teagle, ttakamiy
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A flaw was found in Gradio, an open-source Python package for rapid prototyping. A remote attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load this attacker-controlled Space, a malicious `proxy_url` from the configuration is trusted. This allows the attacker to make arbitrary HTTP requests from the victim's server, potentially accessing internal services, cloud metadata endpoints, and private networks through the victim's infrastructure.

Description (OSIDB Bzimport, 2026-02-27 22:02:10 UTC)
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim's infrastructure. Version 6.6.0 fixes the issue.
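The flaw described above is that a `proxy_url` taken from an untrusted Space config was trusted and placed on the allowlist as-is. The following is an added example (not Gradio's own code) of the kind of validation a loader should apply to such a value before trusting it; it assumes the config is a dict carrying a `proxy_url` key and that legitimate proxies live under an assumed `.hf.space` host suffix.

```python
# Added example, not Gradio's code: vet an untrusted proxy_url before it
# can influence where the server sends outbound requests.
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed suffix for legitimate proxy hosts; a real deployment sets its own.
TRUSTED_PROXY_SUFFIXES = (".hf.space",)


def _is_internal_ip(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def validate_proxy_url(config: dict, resolve: bool = True) -> tuple[bool, str]:
    """Return (ok, reason). Rejects proxy_url values that would let a
    loaded Space steer the victim's requests to internal or unexpected hosts."""
    url = config.get("proxy_url")
    if not isinstance(url, str) or not url:
        return False, "proxy_url missing"
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host or parts.username or parts.password:
        return False, "malformed host or embedded credentials"
    # A literal IP address is never an acceptable proxy host.
    try:
        ipaddress.ip_address(host)
        return False, "literal IP address not allowed"
    except ValueError:
        pass
    if not host.endswith(TRUSTED_PROXY_SUFFIXES):
        return False, f"host {host!r} not in trusted suffix list"
    if resolve:
        # Guard against a trusted-looking name resolving to an internal address.
        try:
            addrs = {ai[4][0] for ai in socket.getaddrinfo(host, 443)}
        except socket.gaierror:
            return False, "host does not resolve"
        if any(_is_internal_ip(a) for a in addrs):
            return False, "host resolves to an internal address"
    return True, "ok"
```

Call `validate_proxy_url(space_config)` before adding any proxy host to an allowlist; `resolve=False` skips the DNS step for offline checks.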