Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.
/upload
"https://github.com/pypa/advisory-database/blob/main/vulns/gradio/PYSEC-2026-1422.yaml"