CVE-2026-28414: CWE-36: Absolute Path Traversal in gradio-app gradio
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.
AI Analysis
Technical Summary
Gradio is an open-source Python package widely used for rapid prototyping of machine learning and data science applications. Prior to version 6.7, Gradio apps running on Windows with Python 3.13 or newer are vulnerable to absolute path traversal (CWE-36). The root cause is a behavior change in Python 3.13: on Windows, `os.path.isabs` no longer treats root-relative paths such as `/windows/win.ini` (a path that begins with a separator but carries no drive letter) as absolute. Gradio's internal logic for safely joining paths relied on `os.path.isabs` to validate user-supplied file paths, so under the new semantics such a path passes the absolute-path check while the subsequent join still treats it as rooted, discarding the intended base directory and yielding a path outside it. Consequently, unauthenticated attackers can read arbitrary files on the server hosting the Gradio app, potentially exposing sensitive data. The vulnerability requires neither authentication nor user interaction and affects all Gradio versions before 6.7 running on Windows with Python 3.13+. The issue is resolved in Gradio 6.7 by updating the path validation logic to account for the new `os.path.isabs` behavior. No public exploits have been reported yet, but the vulnerability carries a CVSS 3.1 base score of 7.5 (high), reflecting its low attack complexity and its impact on confidentiality.
Potential Impact
The primary impact of CVE-2026-28414 is unauthorized disclosure of sensitive information from the file system of servers running vulnerable Gradio applications on Windows with Python 3.13+. Attackers can read arbitrary files without authentication, potentially exposing credentials, configuration files, source code, or other confidential data. This can lead to further attacks such as credential theft, lateral movement, or data leakage. Since Gradio is often used in data science and machine learning environments, exposure of proprietary models or datasets is also a risk. The vulnerability does not affect integrity or availability directly but compromises confidentiality significantly. Organizations relying on Gradio for internal or external-facing applications face increased risk of data breaches. The ease of exploitation and lack of required authentication make this a critical concern for affected deployments worldwide.
Mitigation Recommendations
The most effective mitigation is to upgrade Gradio to version 6.7 or later, where the path traversal issue is fixed. Organizations should audit their environments to identify Gradio instances running on Windows with Python 3.13+ and update them promptly. If an immediate upgrade is not feasible, restrict network access to Gradio applications to trusted users as a temporary measure, minimizing exposure to unauthenticated attackers. Additionally, apply strict file system permissions and run the Gradio process under a low-privilege account to limit the files it can read. Monitoring and logging access to sensitive files, together with request logging on the Gradio endpoints, can help detect exploitation attempts. Developers should review any custom path handling code for compatibility with the Python 3.13 change and avoid relying solely on `os.path.isabs` for security-critical path validation; a containment check on the resolved path is the robust approach. Employing application-layer firewalls or reverse proxies to filter malicious requests may also reduce risk until patches are applied.
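The mechanism described above, as an added example that is not Gradio's own code: a simplified stand-in for the pre-fix pattern whose only guard is `isabs()`, beside a hardened join that also rejects root-relative input explicitly and proves containment with `commonpath()`. It uses `ntpath`, the Windows flavour of `os.path`, so the Windows semantics can be exercised on any host and on any interpreter version; the base directory `C:\app\files`, the probe paths, and the names `weak_join`/`safe_join` are constructed for this illustration. The hardened version goes slightly beyond the advisory by also rejecting drive-relative paths such as `D:secret.txt`, which `isabs()` has never reported as absolute.

```python
import ntpath
import posixpath

# Added example, not Gradio's code. Python 3.13 changed os.path.isabs() on
# Windows: a path that starts with one separator but carries no drive letter
# ("/windows/win.ini") is no longer reported as absolute. ntpath behaves the
# same on every host, so this constant is False on Python 3.13+ and True on
# earlier interpreters wherever the script runs.
ROOT_RELATIVE_IS_ABS = ntpath.isabs("/windows/win.ini")


def weak_join(base, user_path, flavour=ntpath):
    """Simplified stand-in for a pre-fix 'safe join': the only guard is isabs().

    Returns the joined path, or None when the input is rejected. On Python 3.13+
    a root-relative path passes the guard, and ntpath.join() then discards the
    base directory while keeping its drive letter.
    """
    if flavour.isabs(user_path):
        return None
    return flavour.normpath(flavour.join(base, user_path))


def safe_join(base, user_path, flavour=ntpath):
    """Hardened join: never trusts isabs() alone and verifies containment.

    `base` must already be an absolute directory. Returns the normalised path
    inside `base`, or None when `user_path` would leave it.
    """
    # 1. Treat anything that starts with a separator as rooted, regardless of
    #    what isabs() says on this interpreter. This also covers UNC paths
    #    ("\\\\server\\share\\...") on Windows.
    if flavour.isabs(user_path) or user_path[:1] in ("/", "\\"):
        return None
    # 2. Reject drive-relative paths such as "D:secret.txt": not absolute, but
    #    join() would switch drives. splitdrive() always returns "" on POSIX.
    if flavour.splitdrive(user_path)[0]:
        return None
    # 3. Join, normalise (collapses ".."), then prove the result is still
    #    under base. commonpath() avoids the startswith() prefix trap
    #    ("C:\\app\\files" versus "C:\\app\\files2").
    base_norm = flavour.normpath(base)
    candidate = flavour.normpath(flavour.join(base_norm, user_path))
    try:
        common = flavour.commonpath([base_norm, candidate])
    except ValueError:  # different drives, or absolute mixed with relative
        return None
    if flavour.normcase(common) != flavour.normcase(base_norm):
        return None
    return candidate


if __name__ == "__main__":
    base = r"C:\app\files"  # constructed sample directory
    probes = ("docs/readme.txt", "/windows/win.ini",
              r"..\..\windows\win.ini", r"D:secret.txt")
    print(f"isabs('/windows/win.ini') on this interpreter: {ROOT_RELATIVE_IS_ABS}")
    for probe in probes:
        print(f"{probe!r:28} weak={weak_join(base, probe)!r:26} "
              f"safe={safe_join(base, probe)!r}")
```

Passing `flavour=posixpath` runs the same checks with POSIX semantics, where step 1 is conservative (a file name beginning with a backslash is rejected even though it is legal there) but the containment check in step 3 is what actually holds the line on either platform.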
Affected Countries
United States, Germany, United Kingdom, Canada, France, Japan, South Korea, Australia, Netherlands, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-27T15:33:57.289Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69a212fb32ffcdb8a277777c
Added to database: 2/27/2026, 9:56:11 PM
Last enriched: 3/7/2026, 9:18:41 PM
Last updated: 4/13/2026, 1:09:56 AM
Views: 291