Gradio has an Open Redirect in its OAuth Flow
🔗 CVE IDs covered (1)
📋 Description
Summary
The _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton).
Details
def _redirect_to_target(request, default_target="/"):
target = request.query_params.get("_target_url", default_target)
return RedirectResponse(target) # No validation
An attacker can craft a URL like https://my-space.hf.space/logout?_target_url=https://evil.com/phishing that redirects the user to an external site after logout. Because the URL originates from a trusted hf.space domain, users are more likely to trust the link.
Impact
Phishing — an attacker can use the trusted domain to redirect users to a malicious site. No direct data exposure or server-side impact.
Fix
The _target_url parameter is now sanitized to only use the path, query, and fragment, stripping any scheme or host.
🎯 Affected products1
- pip/gradio:< 6.6.0
🔗 References (6)
- https://github.com/gradio-app/gradio/security/advisories/GHSA-pfjf-5gxr-995x
- https://nvd.nist.gov/vuln/detail/CVE-2026-28415
- https://github.com/gradio-app/gradio/commit/dfee0da06d0aa94b3c2684131e7898d5d5c1911e
- https://github.com/gradio-app/gradio/releases/tag/gradio%406.6.0
- https://github.com/pypa/advisory-database/tree/main/vulns/gradio/PYSEC-2026-65.yaml
- https://github.com/advisories/GHSA-pfjf-5gxr-995x