CVE-2026-28415 is a vulnerability identified in the Gradio open-source Python package used for rapid prototyping of machine learning and AI applications. The issue lies in the _redirect_to_target() function within Gradio's OAuth authentication flow, which accepts a _target_url query parameter without proper validation. This parameter is used during redirection after login or logout processes, specifically at the /logout and /login/callback endpoints. Prior to version 6.6.0, the lack of validation allows an attacker to craft URLs that redirect users to arbitrary external websites, effectively creating an open redirect vulnerability. Such open redirects can be exploited to facilitate phishing attacks by redirecting users to malicious sites that appear to be part of the legitimate application. The vulnerability is classified under multiple CWEs including CWE-200 (Exposure of Sensitive Information), CWE-284 (Improper Access Control), CWE-330 (Use of Insufficiently Random Values), and CWE-601 (URL Redirection to Untrusted Site). The CVSS v3.1 base score is 4.3 (medium), reflecting that the attack vector is network-based, requires no privileges, but does require user interaction (clicking the malicious link). The impact primarily affects integrity by enabling attackers to manipulate user navigation flow, potentially leading to credential theft or session compromise indirectly. The issue was addressed in Gradio version 6.6.0 by sanitizing the _target_url parameter to only allow path, query, and fragment components, stripping out scheme and host information to prevent redirection to external domains. No public exploits have been reported yet, but the vulnerability poses a risk to any Gradio app using OAuth authentication, especially those deployed on Hugging Face Spaces with the gr.LoginButton component.

The primary impact of CVE-2026-28415 is the facilitation of open redirect attacks within Gradio applications using OAuth authentication. This can lead to several security risks for organizations worldwide. Attackers can exploit this vulnerability to redirect users to malicious websites, which may host phishing pages or malware, thereby compromising user credentials or installing malicious software. Although the vulnerability does not directly expose sensitive data or allow unauthorized access, it undermines user trust and the integrity of the authentication process. Organizations relying on Gradio for AI/ML application deployment, particularly on Hugging Face Spaces, may face reputational damage and increased risk of social engineering attacks. The vulnerability could also be leveraged as part of a broader attack chain to escalate privileges or gain unauthorized access if combined with other vulnerabilities. Given the ease of exploitation (no authentication required, only user interaction), the scope includes any publicly accessible Gradio app with OAuth enabled and running a vulnerable version. The medium CVSS score reflects moderate risk but should not be underestimated in environments with sensitive user data or high-value targets.

To mitigate CVE-2026-28415, organizations should upgrade all Gradio deployments to version 6.6.0 or later, where the _target_url parameter is properly sanitized. For environments where immediate upgrade is not feasible, implement the following controls: 1) Apply strict input validation and sanitization on the _target_url parameter at the application or proxy level to restrict redirects to only trusted internal paths. 2) Employ Content Security Policy (CSP) headers to limit the domains to which users can be redirected. 3) Educate users about the risks of clicking on unexpected links, especially those appearing to redirect from trusted applications. 4) Monitor application logs for unusual redirect patterns or suspicious query parameters. 5) If possible, disable OAuth login buttons or restrict OAuth flows until the patch is applied. 6) Conduct regular security assessments and penetration testing focusing on authentication and redirection mechanisms. These targeted measures go beyond generic advice by focusing on the specific vulnerable parameter and the OAuth flow context.