CVE-2024-47869: Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack**
Summary
Gradio, an open-source Python package for building prototypes, has a timing attack vulnerability (a security flaw where an attacker measures how long the system takes to respond to guess different values) in its analytics dashboard hash comparison. An attacker could exploit this by sending many requests and timing the responses to gradually figure out the correct hash and gain unauthorized access to the dashboard.
Solution / Mitigation
Upgrade to gradio>4.44. Alternatively, before upgrading, developers can manually patch the analytics_dashboard to use a constant-time comparison function (a method that takes the same amount of time regardless of whether the input is correct) for comparing sensitive values like hashes, or disable access to the analytics dashboard entirely.
Vulnerability Details
3.7(low)
EPSS: 0.2%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-47869
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 85%