CVE-2024-51751: Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadB
Summary
Gradio is an open-source Python package for building web applications, but versions before 5.5.0 have a vulnerability in the File and UploadButton components that allows attackers to read any files from the application server by exploiting path traversal (a technique where attackers use file paths like '../../../' to access files outside their intended directory). This happens when these components are used to preview file content.
Solution / Mitigation
Upgrade to Gradio release version 5.5.0 or later. The source explicitly states: 'This issue has been addressed in release version 5.5.0 and all users are advised to upgrade.'
Vulnerability Details
6.5(medium)
EPSS: 0.3%
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-51751
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 92%