Vulnerability Description
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its own Hugging Face access token via `huggingface_hub.get_token()` and stores it in the visitor's session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner's HF token. The session cookie is signed with a hardcoded secret derived from the string `"-v4"`, making the payload trivially decodable. Version 6.6.0 fixes the issue.
CVSS Score
NONE
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gradio Project | Gradio | >= 4.16.0, < 6.6.0 |
Related Weaknesses (CWE)
References
- https://github.com/gradio-app/gradio/security/advisories/GHSA-h3h8-3v2v-rg7mExploitVendor Advisory
FAQ
What is CVE-2026-27167?
CVE-2026-27167 is a vulnerability with a CVSS score of 0.0 (NONE). Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically ...
How severe is CVE-2026-27167?
CVE-2026-27167 has been rated NONE with a CVSS base score of 0.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-27167?
Check the references section above for vendor advisories and patch information. Affected products include: Gradio Project Gradio.