DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-27167: Critical Credential Leakage and Open Redirect in Gradio OAuth Flow


Vulnerability ID: CVE-2026-27167
CVSS Score: 9.1
Published: 2026-03-01

A critical vulnerability in the Gradio Python package allows unauthenticated remote attackers to extract the Hugging Face access token available to the server process (for example, the one supplied via HF_TOKEN). The flaw lies in the 'mocked' OAuth implementation Gradio falls back to when gr.LoginButton or other OAuth features are used outside of Hugging Face Spaces: the mock login returns the server's real token via huggingface_hub.get_token() and places it in the user's session cookie. A separate open redirect in the same flow can be abused for phishing. Both issues are resolved in version 6.6.0.

TL;DR

Gradio versions >= 4.16.0 and < 6.6.0 put the server's Hugging Face access token into the session cookie issued by the mocked OAuth flow, and that cookie is signed with a weak default secret when OAUTH_CLIENT_SECRET is not set. An unauthenticated remote attacker who goes through the mocked login receives that cookie and can decode it to recover the token, or can abuse the open redirect in the same flow for phishing.

⚠️ Exploit Status: PoC available

Technical Details

  • CWE ID: CWE-522 (Insufficiently Protected Credentials)
  • CWE ID: CWE-601 (Open Redirect)
  • CVSS v3.1: 9.1 (Critical)
  • Attack Vector: Network
  • Exploit Status: PoC Available
  • Patch Date: 2026-02-17

Affected Systems

  • gradio: >= 4.16.0, < 6.6.0 (fixed in 6.6.0)
  • Applications using gr.LoginButton or other OAuth features outside of Hugging Face Spaces, i.e. wherever the mocked OAuth flow is active

Code Analysis

Commit: dfee0da

Fix open redirect and credential leak in mocked OAuth flow

diff --git a/gradio/oauth.py b/gradio/oauth.py
... - return huggingface_hub.get_token()
... + return "mock-oauth-token-for-local-dev"
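Review bot: the visible hunk only stops the real credential from being returned by the mock flow, swapping `return huggingface_hub.get_token()` for the fixed literal `return "mock-oauth-token-for-local-dev"`; nothing shown touches the open redirect named in the commit title or the signing secret of the session cookie, so the elided part of this diff needs to be checked for both before the commit is treated as the complete fix for CVE-2026-27167. The new line also deserves a comment: the literal is a non-secret placeholder that no Hugging Face API will accept, so any local code path that previously relied on the mocked token to make real requests should now be caught by a test rather than surface as a confusing 401 in development.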

Exploit Details

  • No public exploit details are given in this report; the advisory implies trivial exploitation by decoding the session cookie that the mocked OAuth flow hands to any user who completes the mock login.

Mitigation Strategies

  • Upgrade Gradio immediately to version 6.6.0 or later.
  • If upgrading is not immediately possible, set OAUTH_CLIENT_SECRET to a long random value (at least 32 bytes from a CSPRNG) so the session cookie is no longer signed with a default secret. This is a partial mitigation only: the real token is still placed in the session by the vulnerable code.
  • Remove HF_TOKEN from the environment of the Gradio process if the application does not strictly need it. Note that huggingface_hub.get_token() also falls back to the cached token file under ~/.cache/huggingface/ (an assumption about the library's behaviour, not stated in the advisory), so a token logged in with huggingface-cli on the same host is exposed in the same way.

Remediation Steps:

  1. Identify all instances of gradio running versions < 6.6.0.
  2. Update the package using pip: pip install --upgrade "gradio>=6.6.0".
  3. Verify the installation: pip show gradio should report version 6.6.0 or higher.
  4. Rotate any Hugging Face tokens (HF_TOKEN) that may have been exposed on vulnerable servers.
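The mitigation and remediation steps above can be turned into a one-shot host check. The following script is an added example, not code from the report or from the Gradio project: it classifies a gradio version against the affected range stated here (>= 4.16.0, < 6.6.0), audits the environment for the HF_TOKEN and OAUTH_CLIENT_SECRET variables named in the mitigation section, and generates a strong interim OAUTH_CLIENT_SECRET. The finding codes, the 32-character minimum for the secret, and the assumption that huggingface_hub caches a token under ~/.cache/huggingface/token are the example's own choices, not facts from the advisory.

```python
"""Host check for CVE-2026-27167 (added example, not from the report or Gradio).

Assumptions (not stated on the advisory page):
- finding codes and MIN_SECRET_LEN are this script's own conventions
- ~/.cache/huggingface/token is where huggingface_hub.get_token() looks
  for a cached token when HF_TOKEN is unset
"""
import os
import re
import secrets
from importlib import metadata
from pathlib import Path

AFFECTED_MIN = (4, 16, 0, 0)   # >= 4.16.0, from the report
FIXED = (6, 6, 0, 0)           # < 6.6.0, from the report
MIN_SECRET_LEN = 32            # assumed lower bound for a "strong, random" secret
DEFAULT_TOKEN_CACHE = Path.home() / ".cache" / "huggingface" / "token"

_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$")


def parse_version(text):
    """Turn '6.6.0', '6.6' or '6.6.0b1' into a comparable 4-tuple.

    A pre-release (a/b/rc/dev) sorts just below its final release, so a
    6.6.0 beta is still treated as older than the 6.6.0 fix.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    nums = tuple(int(x or 0) for x in (major, minor, patch))
    pre = bool(re.match(r"^\.?(a|b|rc|dev)", suffix))
    return nums + ((-1 if pre else 0),)


def is_affected(version):
    """True when the version lies in the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def installed_gradio_version():
    """Installed gradio version string, or None when gradio is not installed."""
    try:
        return metadata.version("gradio")
    except metadata.PackageNotFoundError:
        return None


def audit(env, version, token_cache=DEFAULT_TOKEN_CACHE):
    """Return finding codes for one host, in a fixed order.

    env          mapping of environment variables (os.environ or a constructed dict)
    version      gradio version string, or None if not installed
    token_cache  path of the huggingface_hub token cache to look for
    """
    findings = []
    if version is not None and is_affected(version):
        findings.append("AFFECTED_VERSION")
    if env.get("HF_TOKEN"):
        # the mocked flow hands this token to whoever completes the mock login
        findings.append("HF_TOKEN_IN_ENV")
    if Path(token_cache).is_file():
        findings.append("TOKEN_CACHE_PRESENT")
    if len(env.get("OAUTH_CLIENT_SECRET", "")) < MIN_SECRET_LEN:
        # unset or short secret: the session cookie is signed with a weak default
        findings.append("WEAK_OAUTH_SECRET")
    return findings


def generate_oauth_secret(nbytes=32):
    """Interim mitigation: a CSPRNG-backed OAUTH_CLIENT_SECRET (43 URL-safe chars for 32 bytes)."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    version = installed_gradio_version()
    print(f"gradio version: {version or 'not installed'}")
    for code in audit(os.environ, version):
        print(f"finding: {code}")
    if version is not None and is_affected(version):
        print("interim mitigation until 6.6.0 is deployed:")
        print(f"  export OAUTH_CLIENT_SECRET={generate_oauth_secret()}")
        print("  then rotate any HF_TOKEN that was reachable from this host")
```

Run it on each host from step 1; a clean host on 6.6.0 or later with no HF_TOKEN and a strong secret reports no findings. TOKEN_CACHE_PRESENT is reported even on patched versions because the cached token was reachable while the vulnerable version ran and belongs in the rotation list of step 4.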

References


Read the full report for CVE-2026-27167 on our website for more details including interactive diagrams and full exploit analysis.
