{"data":{"id":"7d61bcc0-9e0a-4c3e-96e9-e79ddfb5fe22","title":"CVE-2026-49119: Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess() method that all","summary":"Gradio versions before 6.16.0 contain a path traversal vulnerability (a security flaw where attackers bypass restrictions on which directories they can access) in the FileExplorer component's preprocess() method. Unauthenticated attackers can supply specially crafted file paths that cause the system to escape the intended root directory and read arbitrary files outside the configured location, potentially exposing sensitive data.","solution":"Update Gradio to version 6.16.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-49119","publishedAt":"2026-07-01T19:16:52.463Z","cveId":"CVE-2026-49119","cweIds":["CWE-22"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Gradio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-01T19:16:52.463Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}