CVE-2024-8966: A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Serv
Summary
CVE-2024-8966 is a vulnerability in Gradio version @gradio/video@0.10.2 that allows attackers to cause a Denial of Service (DoS, when a system becomes unavailable to users) by uploading files with extremely long multipart boundaries (the separators in file upload data). The attack forces the system to continuously process characters and issue warnings, making Gradio inaccessible for extended periods.
Vulnerability Details
7.5(high)
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-8966
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 92%