PYSEC-2026-1417

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2026-1417.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1417
Aliases
Published
2026-07-07T14:34:51.739857Z
Modified
2026-07-07T17:47:40.335557067Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
Summary
Gradio Vulnerable to Arbitrary File Deletion
Details

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an attacker can reset any file to an empty file, causing a denial of service (DOS) on the server.

References

Affected packages

PyPI / gradio

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Last affected
5.0.0b2

Affected versions

4.*
4.0.0
4.0.1
4.0.2
4.1.0
4.1.1
4.1.2
4.2.0
4.3.0
4.4.0
4.4.1
4.5.0
4.7.0
4.7.1
4.8.0
4.9.0
4.9.1
4.10.0
4.11.0
4.12.0
4.13.0
4.14.0
4.15.0
4.16.0
4.17.0
4.18.0
4.19.0
4.19.1
4.19.2
4.20.0
4.20.1
4.21.0
4.22.0
4.23.0
4.24.0
4.25.0
4.26.0
4.27.0
4.28.0
4.28.1
4.28.2
4.28.3
4.29.0
4.31.0
4.31.1
4.31.2
4.31.3
4.31.4
4.31.5
4.32.0
4.32.1
4.32.2
4.33.0
4.35.0
4.36.0
4.36.1
4.37.1
4.37.2
4.38.0
4.38.1
4.39.0
4.40.0
4.41.0
4.42.0
4.43.0
4.44.0
4.44.1
5.*
5.0.0b1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2026-1417.yaml"