CVE-2026-28415 Overview
CVE-2026-28415 is an Open Redirect vulnerability affecting Gradio, an open-source Python package designed for quick prototyping of machine learning applications. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This vulnerability specifically affects the /logout and /login/callback endpoints on Gradio applications with OAuth enabled, including apps running on Hugging Face Spaces that utilize gr.LoginButton.
Critical Impact
Attackers can craft malicious URLs that redirect authenticated users to phishing sites or malicious domains, potentially leading to credential theft or session hijacking.
Affected Products
- Gradio versions prior to 6.6.0
- Gradio applications with OAuth enabled (including Hugging Face Spaces deployments)
- Applications using gr.LoginButton functionality
Discovery Timeline
- 2026-02-27 - CVE-2026-28415 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-28415
Vulnerability Analysis
This vulnerability is classified under CWE-601 (URL Redirection to Untrusted Site) and CWE-200 (Information Exposure). The core issue lies in the _redirect_to_target() function within Gradio's OAuth authentication flow, which fails to properly validate the _target_url query parameter before performing redirects.
When users authenticate via OAuth on affected Gradio applications, the application processes the _target_url parameter to redirect users after login or logout operations. Without proper validation, an attacker can manipulate this parameter to redirect victims to external malicious websites.
The vulnerability requires user interaction—a victim must click on a crafted malicious link. However, because the initial URL appears to originate from a legitimate Gradio application domain, users are more likely to trust and click on such links.
Root Cause
The root cause is insufficient input validation in the _redirect_to_target() function. The function accepts the full URL including scheme and host components from the _target_url parameter without sanitization. This allows attackers to specify arbitrary external URLs as redirect destinations.
In version 6.6.0, the fix involves sanitizing the _target_url parameter to only use the path, query, and fragment components while stripping any scheme or host. This ensures redirects can only occur within the same application domain.
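The fix described above, as an added illustration that is not Gradio's own _redirect_to_target() code: a pre-6.6.0-style function that returns the parameter unchanged beside a sanitizer that keeps only path, query and fragment. The function names redirect_target_unsafe and redirect_target_safe are hypothetical. The sanitizer also covers two forms the advisory's scheme/host description implies but does not list, protocol-relative values (//host/...) and backslash-prefixed values, both of which browsers resolve off-origin.

```python
"""Added illustration of the CVE-2026-28415 fix: keep only path, query and
fragment of _target_url (hypothetical names, not Gradio's real code)."""
from typing import Optional
from urllib.parse import urlsplit, urlunsplit


def redirect_target_unsafe(target_url: str) -> str:
    """Pre-6.6.0 behaviour as the advisory describes it: the parameter is used
    as-is, so an absolute URL becomes an off-origin Location header."""
    return target_url


def redirect_target_safe(target_url: Optional[str], default: str = "/") -> str:
    """Hardened variant: strip scheme and host so the redirect stays on this origin.

      - absolute URLs      https://evil.example/x   -> /x
      - protocol-relative  //evil.example/x         -> /x
      - backslash forms    /\\evil.example          -> /   (browsers treat \\ like /)
      - empty or missing   ""                       -> default
    """
    if not target_url:
        return default
    # Browsers accept "\" as a path separator, so normalise it before parsing;
    # otherwise "/\evil.example" would look like a harmless relative path here.
    parts = urlsplit(target_url.replace("\\", "/"))
    # urlsplit puts "evil.example" into netloc for both absolute and "//" forms;
    # the netloc is simply never copied into the result.
    path = parts.path if parts.path.startswith("/") else "/" + parts.path
    # A path still beginning with "//" would be re-read as "//host" by a browser.
    while path.startswith("//"):
        path = path[1:]
    return urlunsplit(("", "", path, parts.query, parts.fragment))


if __name__ == "__main__":
    for value in ("https://attacker-site.com/phishing", "//attacker-site.com/phishing",
                  "/\\attacker-site.com", "/dashboard?tab=1#top", ""):
        print(f"{value!r:40} unsafe={redirect_target_unsafe(value)!r:40} "
              f"safe={redirect_target_safe(value)!r}")
```

Relative targets are kept whole (including query and fragment), so legitimate post-login destinations such as /dashboard?tab=1#top still work; only the origin is discarded.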
Attack Vector
The attack vector is network-based and targets the OAuth flow endpoints. An attacker constructs a malicious URL pointing to a vulnerable Gradio application's /logout or /login/callback endpoint with a crafted _target_url parameter containing an external malicious domain.
A typical attack scenario involves:
- Attacker identifies a Gradio application with OAuth enabled
- Attacker crafts a URL with a malicious _target_url parameter pointing to a phishing site
- Attacker distributes the malicious link via phishing emails or social engineering
- Victim clicks the link, authenticates normally, then gets redirected to the attacker's site
- Attacker's site can harvest credentials, session tokens, or serve malware
The malicious URL would target endpoints like /login/callback?_target_url=https://attacker-site.com/phishing where the _target_url parameter contains an attacker-controlled domain designed to mimic the legitimate application.
Detection Methods for CVE-2026-28415
Indicators of Compromise
- Unusual redirect patterns in web server logs from /logout or /login/callback endpoints
- HTTP requests to OAuth endpoints containing external domains in the _target_url parameter
- User reports of unexpected redirects after authentication
- Increased phishing reports targeting users of your Gradio application
Detection Strategies
- Monitor HTTP request logs for OAuth callback endpoints with suspicious _target_url parameters
- Implement web application firewall (WAF) rules to flag requests with external URLs in redirect parameters
- Deploy SIEM correlation rules to detect redirect-based attack patterns
- Review authentication flow logs for anomalous redirect destinations
Monitoring Recommendations
- Enable detailed logging on all OAuth-related endpoints (/logout, /login/callback)
- Set up alerts for redirect parameters containing external schemes (http://, https://) followed by non-application domains
- Monitor user session patterns for authentication flows followed by immediate session termination
- Track referrer headers from external domains that may indicate successful redirect attacks
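A log-scanning check for the indicators and monitoring points above, as an added example that is not from the advisory or the Gradio project. It assumes a combined-format web server access log (the regex and the sample lines are constructed here, with RFC 5737 documentation addresses and an invented host) and flags _target_url values on /logout and /login/callback that name a scheme or host, including the protocol-relative and backslash forms that a plain http:// or https:// prefix check would miss.

```python
"""Added detection example for CVE-2026-28415: flag _target_url values on
Gradio's OAuth endpoints that point off-origin. Log format and sample lines
are constructed; the regex assumes a combined-format access log."""
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

OAUTH_ENDPOINTS = {"/logout", "/login/callback"}

# Assumed combined log format:
# ip - - [time] "METHOD target HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation IPs, invented attacker host).
SAMPLE_LOGS = [
    '203.0.113.7 - - [05/Mar/2026:10:00:01 +0000] "GET /login/callback?code=abc&state=xyz'
    '&_target_url=https%3A%2F%2Fattacker-site.com%2Fphishing HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [05/Mar/2026:10:00:02 +0000] "GET /logout?_target_url=%2Fdashboard%3Ftab%3D1'
    ' HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Mar/2026:10:00:03 +0000] "GET /logout?_target_url=%2F%2Fattacker-site.com%2F'
    ' HTTP/1.1" 302 0 "-" "curl/8.0"',
    '192.0.2.9 - - [05/Mar/2026:10:00:04 +0000] "POST /api/predict HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Mar/2026:10:00:05 +0000] "GET /login/callback?_target_url=%2F%5Cattacker-site.com'
    ' HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]


def external_host(target_url: str) -> Optional[str]:
    """Return the off-origin host (or scheme) a _target_url names, or None for a
    plain path. Backslashes are normalised because browsers treat them as slashes."""
    parts = urlsplit(target_url.replace("\\", "/"))
    if parts.netloc:
        return parts.netloc
    if parts.scheme:                      # e.g. javascript: or a bare "host:port/..." form
        return parts.scheme + ":"
    return None


def find_suspicious_redirects(log_lines: Iterable[str],
                              allowed_hosts: Iterable[str] = ()) -> List[Dict[str, str]]:
    """Report OAuth-endpoint requests whose _target_url points somewhere off-origin."""
    allowed = set(allowed_hosts)
    findings: List[Dict[str, str]] = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not in the assumed format; skip rather than guess
        req = urlsplit(m.group("target"))
        if req.path not in OAUTH_ENDPOINTS:
            continue
        # parse_qs decodes one layer of percent-encoding; the extra unquote
        # catches double-encoded values such as %252F%252F.
        for raw in parse_qs(req.query, keep_blank_values=True).get("_target_url", []):
            host = external_host(raw) or external_host(unquote(raw))
            if host and host not in allowed:
                findings.append({
                    "time": m.group("time"), "ip": m.group("ip"),
                    "endpoint": req.path, "target_url": raw, "host": host,
                })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_redirects(SAMPLE_LOGS):
        print(f"{f['time']} {f['ip']} {f['endpoint']} -> {f['host']} ({f['target_url']})")
```

Pass the application's own public hostname in allowed_hosts if clients legitimately send absolute same-origin URLs; everything else that carries a host is reported, which is the same decision the 6.6.0 sanitizer makes when it drops the host.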
How to Mitigate CVE-2026-28415
Immediate Actions Required
- Upgrade Gradio to version 6.6.0 or later immediately
- Review application logs for any evidence of exploitation attempts
- Notify users about potential phishing attempts leveraging this vulnerability
- Consider temporarily disabling OAuth authentication if immediate patching is not possible
Patch Information
The vulnerability is fixed in Gradio version 6.6.0. The patch sanitizes the _target_url parameter to only use the path, query, and fragment components, effectively stripping any scheme or host that could redirect users to external domains.
For detailed information about the security fix, refer to the GitHub Security Advisory.
Workarounds
- Upgrade to Gradio 6.6.0 or later as the primary remediation
- If immediate upgrade is not possible, implement reverse proxy rules to strip or validate _target_url parameters
- Deploy WAF rules to block requests with external URLs in the _target_url parameter
- Consider disabling OAuth features temporarily on critical applications until patching is complete
# Upgrade Gradio to the patched version (quote the specifier so the shell does not treat ">=" as an output redirect)
pip install --upgrade "gradio>=6.6.0"
# Verify the installed version
pip show gradio | grep Version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

