CVE-2024-4940: An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows a
Summary
Gradio (a popular framework for building AI interfaces) has an open redirect vulnerability: because of improper URL validation, attackers can trick the application into sending users to fake websites. This can be used for phishing attacks (tricking people into revealing passwords), XSS (cross-site scripting, where attackers inject malicious code into web pages), and other exploits.
Vulnerability Details
6.1 (medium)
EPSS: 7.2%
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-4940
First tracked: February 15, 2026 at 08:47 PM