DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-28415: Open Redirect in Gradio OAuth Flow Enables Phishing Attacks


Vulnerability ID: CVE-2026-28415
CVSS Score: 4.3
Published: 2026-03-01

A security vulnerability has been identified in Gradio, a popular Python library for building machine learning demonstrations. The flaw exists within the OAuth authentication workflow, specifically in the _redirect_to_target function found in gradio/oauth.py. This function fails to properly validate the _target_url query parameter before issuing an HTTP 302 redirect. Consequently, an unauthenticated attacker can craft malicious URLs that leverage the trust of a legitimate Gradio application domain (such as those hosted on Hugging Face Spaces) to redirect users to arbitrary external sites. This mechanism is frequently employed in phishing campaigns to harvest credentials or distribute malware by masking the destination behind a trusted domain.

TL;DR

Gradio versions prior to 6.6.0 contain an Open Redirect vulnerability in the OAuth login/logout endpoints. Attackers can manipulate the _target_url parameter to redirect users to malicious external domains. This is patched in version 6.6.0 by enforcing relative path redirects.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-601
  • Attack Vector: Network
  • CVSS v3.1: 4.3 (Medium)
  • Impact: Phishing / Redirect
  • Exploit Status: PoC Available
  • EPSS Score: 0.00028 (Low)

Affected Systems

  • Gradio < 6.6.0 (fixed in 6.6.0)

Code Analysis

Commit: dfee0da

Fix open redirect in oauth and prevent token leak in mock oauth

 def _redirect_to_target(
     request: fastapi.Request, default_target: str = "/"
 ) -> RedirectResponse:
     target = request.query_params.get("_target_url", default_target)
-    return RedirectResponse(target)
+    parsed = urllib.parse.urlparse(target)
+    safe_target = parsed.path or "/"
+    if parsed.query:
+        safe_target += "?" + parsed.query
+    if parsed.fragment:
+        safe_target += "#" + parsed.fragment
+    return RedirectResponse(safe_target)
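Review bot: the rebuilt path silently rewrites an off-origin _target_url to "/" rather than refusing it, so an abusive request and a legitimate one look identical in the application's own logs; consider testing `if parsed.scheme or parsed.netloc:` and falling back to default_target with a warning log so attempts stay visible to operators. The context shown does not include `import urllib.parse`; confirm it is present at the top of gradio/oauth.py. A regression test covering an absolute URL, a protocol-relative `//host` value and a path carrying both query and fragment would pin down the behaviour of the two new `if` branches.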

Exploit Details

  • GitHub: Regression tests included in the patch demonstrate the exploit vector.

Mitigation Strategies

  • Input Validation
  • Strict Allowlisting
  • Relative Path Enforcement

Remediation Steps:

  1. Upgrade the gradio package to version 6.6.0 or later.
  2. If immediate upgrading is not possible, implement a WAF rule to block requests containing _target_url parameters that start with http://, https://, or //.
  3. Audit any custom authentication flows in your application to ensure they do not manually handle redirects using unvalidated user input.
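As an added illustration (not Gradio's code and not part of the original report), the Python below reproduces the relative-path enforcement described for the 6.6.0 fix and pairs it with a small access-log scanner that flags _target_url values which would have left the origin on an unpatched version, including percent-encoded ones. The endpoint paths, client addresses and log lines are constructed for the example.

```python
from urllib.parse import parse_qs, unquote, urlparse


def sanitize_target(target: str, default: str = "/") -> str:
    """Reduce a user-supplied redirect target to a same-origin path.

    Same relative-path enforcement as the 6.6.0 fix: scheme and host are
    discarded; only path, query and fragment are kept.
    """
    parsed = urlparse(target)
    safe = parsed.path or default
    if parsed.query:
        safe += "?" + parsed.query
    if parsed.fragment:
        safe += "#" + parsed.fragment
    return safe


def is_external_target(target: str) -> bool:
    """True if this _target_url would have left the origin before the fix.

    Catches absolute URLs (http://, https://), protocol-relative //host and
    one extra layer of percent-encoding hiding either form.
    """
    parsed = urlparse(unquote(target))
    return bool(parsed.scheme or parsed.netloc)


# Constructed access-log lines in Common Log Format; not real traffic.
# The /logout and /login paths are assumed for the example.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2026:10:00:01 +0000] "GET /logout?_target_url=%2Fapp HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Mar/2026:10:00:02 +0000] "GET /logout?_target_url=https%3A%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Mar/2026:10:00:03 +0000] "GET /login?_target_url=%2F%2Fphish.example HTTP/1.1" 302 0',
    '198.51.100.2 - - [01/Mar/2026:10:00:04 +0000] "GET /app HTTP/1.1" 200 512',
]


def find_open_redirect_attempts(lines):
    """Return (client_ip, decoded target) for every off-origin _target_url seen."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # not a CLF request line
        client_ip, request_target = fields[0], fields[6]  # ip ... "METHOD path proto"
        for target in parse_qs(urlparse(request_target).query).get("_target_url", []):
            if is_external_target(target):
                hits.append((client_ip, target))
    return hits


if __name__ == "__main__":
    for ip, target in find_open_redirect_attempts(SAMPLE_LOG):
        print(f"{ip}: off-origin target {target!r} becomes {sanitize_target(target)!r} after the fix")
```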

Read the full report for CVE-2026-28415 on our website for more details including interactive diagrams and full exploit analysis.
