CVE-2026-27167

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its own Hugging Face access token via `huggingface_hub.get_token()` and stores it in the visitor's session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner's HF token. The session cookie is signed with a hardcoded secret derived from the string `"-v4"`, making the payload trivially decodable. Version 6.6.0 fixes the issue.

CVSS

No CVSS.

References

Link	Resource
https://github.com/gradio-app/gradio/security/advisories/GHSA-h3h8-3v2v-rg7m	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*

History

05 Mar 2026, 13:13

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gradio_project:gradio::::::python::*
First Time		Gradio Project Gradio Project gradio
References	~~() https://github.com/gradio-app/gradio/security/advisories/GHSA-h3h8-3v2v-rg7m -~~	() https://github.com/gradio-app/gradio/security/advisories/GHSA-h3h8-3v2v-rg7m - Exploit, Vendor Advisory

27 Feb 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-27 22:16

Updated : 2026-03-05 13:13

NVD link : CVE-2026-27167

Mitre link : CVE-2026-27167

CVE.ORG link : CVE-2026-27167

JSON object : View

Products Affected

gradio_project

gradio

CWE

CWE-522

Insufficiently Protected Credentials

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2026-27167", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 0.0, "attackVector": "NETWORK", "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 0.0, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2026-02-27T22:16:22.820", "references": [{"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-h3h8-3v2v-rg7m", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-522"}, {"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable \"mocked\" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its own Hugging Face access token via `huggingface_hub.get_token()` and stores it in the visitor's session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner's HF token. The session cookie is signed with a hardcoded secret derived from the string `\"-v4\"`, making the payload trivially decodable. Version 6.6.0 fixes the issue."}], "lastModified": "2026-03-05T13:13:11.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "28401826-0343-4F00-8038-0291A834E4E5", "versionEndExcluding": "6.6.0", "versionStartIncluding": "4.16.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}