CVE-2024-47872: Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripti
Summary
Gradio, an open-source Python package for building user interfaces, has a cross-site scripting vulnerability (XSS, where malicious code hidden in files runs in users' browsers) that affects servers allowing file uploads. Attackers can upload harmful HTML, JavaScript, or SVG files that execute when other users view or download them, potentially stealing data or compromising accounts.
Solution / Mitigation
Upgrade to gradio>=5. As a workaround, restrict uploads to non-executable file types (like images or text) and implement server-side validation to sanitize or reject HTML, JavaScript, and SVG files before they are stored or displayed to users.
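The workaround above, as an added example that is not Gradio's own code: a server-side upload check that combines an extension allowlist with content inspection, so a renamed HTML, SVG or script payload is rejected rather than stored and later served to other users. The allowlist, the file names and the sample contents are assumptions for the demonstration.

```python
import re
from pathlib import PurePosixPath

# Added example, not Gradio's code. Allowlist is an assumption for the demo.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".txt", ".csv"}

# Magic bytes for the binary image types we accept; the declared extension
# must match the real content, not just the name the uploader chose.
IMAGE_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Markup that a browser would execute if a "text" upload were rendered inline.
ACTIVE_CONTENT = re.compile(
    rb"<\s*(script|svg|html|iframe|object|embed)\b"
    rb"|<!doctype\s+html|javascript:|\bon[a-z]+\s*=\s*[\"']",
    re.IGNORECASE,
)


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason): reject by extension, then by content."""
    ext = PurePosixPath(filename).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext or '(none)'} not allowed"
    if ext in IMAGE_SIGNATURES:
        if not data.startswith(IMAGE_SIGNATURES[ext]):
            return False, f"content does not match {ext} signature"
        return True, "ok"
    # Text types must decode as UTF-8 and carry no active markup.
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False, "text upload is not valid UTF-8"
    if ACTIVE_CONTENT.search(data):
        return False, "text upload contains active content"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads, including a renamed SVG and an inline script.
    samples = [
        ("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("fake.png", b"<svg xmlns='http://www.w3.org/2000/svg'></svg>"),
        ("notes.txt", b"<script>alert(1)</script>"),
        ("data.csv", b"id,name\n1,alice\n"),
    ]
    for name, blob in samples:
        print(name, validate_upload(name, blob))
```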
Vulnerability Details
Severity: 5.4 (medium)
EPSS: 0.3%
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-47872
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 92%