CVE-2026-28414: CWE-36: Absolute Path Traversal in gradio-app gradio
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.
AI Analysis
Technical Summary
CVE-2026-28414 is an absolute path traversal vulnerability (CWE-36) in Gradio, the open-source Python package used for rapid prototyping of machine learning and AI applications. The flaw arises from a change in Python 3.13: on Windows, `os.path.isabs` no longer treats a root-relative path (a single leading slash or backslash with no drive letter, e.g. `/windows/win.ini`) as absolute. Gradio's logic for joining a user-supplied path onto a base directory relied on that function to reject rooted input. Under the new behaviour such a path passes the check and reaches the join, where a rooted second argument replaces the base directory; Windows then resolves a drive-less rooted path against a drive root (the base directory's drive or the process's current drive), so `/windows/win.ini` ends up as `C:\windows\win.ini` on a typical host. Gradio versions before 6.7 therefore let an attacker craft a request that reads an arbitrary file on the server's filesystem.

Exploitation requires no authentication and no user interaction, and it works even when the app is configured with Gradio's built-in authentication. The impact is a direct loss of confidentiality: configuration files, credentials, or proprietary data hosted on the server can be read. The condition is specific to Windows hosts running Python 3.13 or later; the `os.path.isabs` change is confined to the Windows implementation (`ntpath`), so POSIX deployments are unaffected. The issue was published on February 27, 2026 with a CVSS v3.1 score of 7.5 (high), consistent with an unauthenticated, network-reachable read that has no integrity or availability impact. No exploitation in the wild had been reported at publication, but the low complexity and the value of files found in AI/ML development environments make it an attractive target. Gradio 6.7 fixes the issue by updating the path validation logic to handle root-relative paths correctly under the new Python behaviour.
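To make the mechanism concrete, here is an added example (my own code, not Gradio's and not taken from the page). It reproduces Windows path semantics on any OS through `ntpath`, contrasts a werkzeug-style `safe_join` that relies on `isabs()` with a containment check that does not, and runs both over constructed benign and hostile paths. `ALLOWED_ROOT`, the probe paths and the function names are assumptions; the werkzeug-style function is a simplified model of that common check pattern, not Gradio's actual code.

```python
"""Added example, not Gradio's own code: the os.path.isabs() change behind
CVE-2026-28414, shown with a werkzeug-style safe_join (a pattern many Python
apps use) next to a containment check that does not depend on isabs().

ntpath is the Windows implementation of os.path and can be imported on any
OS, so the Windows behaviour is reproduced wherever this runs.  ALLOWED_ROOT
and the probe paths are constructed for illustration.
"""
import ntpath
import posixpath
import sys
from typing import Dict, Optional, Tuple

PY313_OR_LATER = sys.version_info >= (3, 13)

# Hypothetical directory the app is allowed to serve files from.
ALLOWED_ROOT = "C:\\gradio\\uploads"

# Constructed request paths, benign and hostile.
PROBES = {
    "benign": "session1/image.png",
    "dotdot": "../../Windows/win.ini",
    "root_relative": "/Windows/win.ini",      # the CVE-2026-28414 shape
    "drive_absolute": "C:/Windows/win.ini",
    "unc": "\\\\server\\share\\secret.txt",
}

# On Windows os.path.sep is '\' and os.path.altsep is '/', so werkzeug's
# _os_alt_seps is ['\\']: backslashes are rejected, forward slashes are not.
_WIN_ALT_SEPS = [s for s in (ntpath.sep, ntpath.altsep) if s and s != "/"]


def werkzeug_style_safe_join(directory: str, filename: str) -> Optional[str]:
    """Vulnerable pattern: isabs() is the only defence against rooted paths.

    Mirrors the checks in werkzeug.security.safe_join with os.path replaced
    by ntpath.  '../' prefixes and backslashes are caught explicitly, but a
    root-relative '/Windows/win.ini' is only caught if isabs() says it is
    absolute, which Python 3.13+ no longer does on Windows.  posixpath.join()
    then discards `directory` because the second argument starts with '/'.
    """
    if filename == "":
        return None
    filename = posixpath.normpath(filename)
    if (
        any(sep in filename for sep in _WIN_ALT_SEPS)
        or ntpath.isabs(filename)
        or filename == ".."
        or filename.startswith("../")
    ):
        return None
    return posixpath.join(directory, filename)


def contained_join(root: str, user_path: str) -> Optional[str]:
    """Hardened pattern: join, normalise, then prove the result is under root.

    ntpath.join() honours a rooted or drive-qualified second argument, so the
    candidate reflects what Windows would actually open; commonpath() raises
    ValueError for different drives or mixed absolute/relative inputs, which
    is also a rejection.  Nothing here asks isabs() about the input.
    """
    root = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root, user_path))
    try:
        common = ntpath.commonpath([root, candidate])
    except ValueError:
        return None
    if ntpath.normcase(common) != ntpath.normcase(root):
        return None
    return candidate


def compare(root: str = ALLOWED_ROOT) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Run both joins over every probe: {name: (werkzeug_style, contained)}."""
    return {
        name: (werkzeug_style_safe_join(root, p), contained_join(root, p))
        for name, p in PROBES.items()
    }


if __name__ == "__main__":
    print(f"Python {sys.version.split()[0]}: "
          f"ntpath.isabs('/Windows/win.ini') is {ntpath.isabs('/Windows/win.ini')}")
    for name, (vuln, safe) in compare().items():
        print(f"{name:15} werkzeug-style -> {str(vuln):40} contained -> {safe}")
```

Running it under Python 3.12 and 3.13 side by side shows the difference: the werkzeug-style join returns `None` for `/Windows/win.ini` on 3.12 but hands back `/Windows/win.ini` itself on 3.13, while `contained_join` rejects it on both, along with the `..`, drive-qualified and UNC probes. On a live host, follow the containment check with `os.path.realpath` on the candidate so that junctions and symlinks under the root are accounted for as well.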
Potential Impact
The primary impact of CVE-2026-28414 is unauthorized disclosure of sensitive information through arbitrary file reads on vulnerable Gradio servers. Organizations running affected Gradio versions on Windows with Python 3.13+ risk exposure of configuration files, credentials, proprietary datasets, and other confidential data, and the leaked material can feed follow-on attacks: credential theft, lateral movement, intellectual property theft, and compliance violations. Because the file read works without credentials even when Gradio's authentication is enabled, both external and internal actors can exploit it without first obtaining access. Windows-hosted Gradio apps are common in AI/ML research labs, startups, and enterprises that rely on Python-based prototyping tools. Availability and integrity are not directly affected, but the loss of confidentiality alone warrants urgent remediation, and depending on the data exposed it may also undermine trust in the affected AI service and trigger regulatory penalties.
Mitigation Recommendations
Upgrade all Gradio installations to version 6.7 or later, which contains the fix for the path traversal issue. Gradio's built-in authentication is not a mitigation: the advisory states the file read works even when authentication is enabled. Where an immediate upgrade is not feasible, note that the trigger is the combination of Windows and Python 3.13 or later, so running the affected app under Python 3.12 or on a non-Windows host removes the condition until the upgrade is done. In parallel, restrict network exposure of Gradio servers to trusted networks; run the Gradio process as a low-privilege account so that the files it can read, and therefore leak, are limited, keeping secrets, SSH keys and `.env` files outside its reach; and monitor access logs of Gradio's file-serving endpoints for path arguments that are root-relative (a leading `/` or `\` with no drive letter), contain `..` segments, or point at UNC shares, URL-decoding the argument (including double-encoded forms such as `%252F`) before matching. WAF rules built on the same shapes can block obvious attempts, but they must match after decoding and are a stopgap, not a fix. After patching, audit which files the process could have read and rotate any credentials or secrets that were reachable.
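As an added example for the monitoring step (not from the page or from the Gradio project), the following scans constructed access-log lines for requests to a file-serving endpoint whose path argument has a traversal-like shape after URL decoding. The route pattern (`/gradio_api/file=`), the allowed temp-directory prefix, the client addresses and the log lines are all assumptions constructed for illustration; adapt `ENDPOINT_RE` and `ALLOWED_PREFIXES` to the deployment.

```python
"""Added example, not from the page or the Gradio project: a log-review
helper that flags requests to a file-serving endpoint whose path argument,
after URL decoding, is root-relative, a UNC path, contains '..' segments,
or is drive-qualified but outside the allowed directories.  On a Windows
host a legitimate Gradio temp-file path carries a drive letter, so a
root-relative /windows/win.ini is the CVE-2026-28414 signal.

Assumptions: the route is modelled as Gradio's file= endpoint with an
optional /gradio_api prefix; ALLOWED_PREFIXES and the log lines are
constructed for illustration.
"""
import re
from typing import List, Tuple
from urllib.parse import unquote

# Hypothetical route pattern: captures the path argument of a file= request.
ENDPOINT_RE = re.compile(r'"(?:GET|HEAD) /(?:gradio_api/)?file=(?P<path>[^ ?"]*)')
DRIVE_RE = re.compile(r"^[A-Za-z]:")

# Hypothetical directories the app may legitimately serve (lower-case,
# backslash form, trailing separator so 'gradio2' is not matched).
ALLOWED_PREFIXES = ("c:\\users\\svc\\appdata\\local\\temp\\gradio\\",)

# Constructed sample log in Combined Log Format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [27/Feb/2026:21:01:02 +0000] "GET /gradio_api/file=C:%5CUsers%5Csvc%5CAppData%5CLocal%5CTemp%5Cgradio%5Cabc123%5Cimage.png HTTP/1.1" 200 5120
203.0.113.9 - - [27/Feb/2026:21:01:10 +0000] "GET /gradio_api/file=/windows/win.ini HTTP/1.1" 200 403
203.0.113.9 - - [27/Feb/2026:21:01:12 +0000] "GET /gradio_api/file=%252Fwindows%252Fsystem32%252Fdrivers%252Fetc%252Fhosts HTTP/1.1" 200 824
203.0.113.9 - - [27/Feb/2026:21:01:15 +0000] "GET /gradio_api/file=..%2F..%2FUsers%2Fadmin%2F.ssh%2Fid_rsa HTTP/1.1" 403 0
203.0.113.9 - - [27/Feb/2026:21:01:20 +0000] "GET /gradio_api/file=%5C%5Cfileserver%5Cshare%5Csecrets.txt HTTP/1.1" 403 0
203.0.113.9 - - [27/Feb/2026:21:01:25 +0000] "GET /gradio_api/file=C:%5CWindows%5Cwin.ini HTTP/1.1" 403 0
198.51.100.4 - - [27/Feb/2026:21:02:00 +0000] "POST /gradio_api/upload HTTP/1.1" 200 12
"""


def decode_path(raw: str, rounds: int = 3) -> str:
    """URL-decode until the value stops changing (bounded), so a
    double-encoded %252F is reduced to '/' rather than left as %2F."""
    current = raw
    for _ in range(rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def classify(path: str) -> str:
    """Label the shape of a decoded path argument.

    Separators are unified to backslash first.  '..' is tested on whole
    segments so a name like '..config' is not a false positive, and UNC is
    tested before root-relative because both start with a separator.
    """
    p = path.replace("/", "\\")
    if ".." in p.split("\\"):
        return "dotdot"
    if p.startswith("\\\\"):
        return "unc"
    if DRIVE_RE.match(p):
        return "drive-absolute"
    if p.startswith("\\"):
        return "root-relative"
    return "relative"


def is_suspicious(path: str, shape: str) -> bool:
    """Root-relative, UNC and '..' shapes never belong in an external request
    to a Windows-hosted file endpoint; a drive-qualified path is acceptable
    only under one of the allowed directories."""
    if shape in ("dotdot", "unc", "root-relative"):
        return True
    if shape == "drive-absolute":
        return not path.replace("/", "\\").lower().startswith(ALLOWED_PREFIXES)
    return False


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client_ip, decoded_path, shape) for each suspicious request."""
    hits: List[Tuple[str, str, str]] = []
    for line in text.splitlines():
        match = ENDPOINT_RE.search(line)
        if not match:
            continue
        decoded = decode_path(match.group("path"))
        shape = classify(decoded)
        if is_suspicious(decoded, shape):
            hits.append((line.split(" ", 1)[0], decoded, shape))
    return hits


if __name__ == "__main__":
    for ip, path, shape in scan_log(SAMPLE_LOG):
        print(f"{ip:15} {shape:14} {path}")
```

Decoding is repeated until the string stops changing so that double-encoded payloads are caught, and a drive-qualified path is only flagged when it falls outside the allowed prefixes, since on a Windows host the legitimate Gradio temp-file paths carry a drive letter. A WAF rule derived from the same shapes has to apply the same decoding before it matches, otherwise the `%252F` form walks past it.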
Affected Countries
United States, Germany, United Kingdom, Canada, France, Japan, South Korea, China, India, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-27T15:33:57.289Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69a212fb32ffcdb8a277777c
Added to database: 2/27/2026, 9:56:11 PM
Last enriched: 2/27/2026, 10:11:20 PM
Last updated: 2/27/2026, 11:15:08 PM