AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-47870: Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a race condition

highvulnerability

security

Source: NVD/CVE DatabaseOctober 10, 2024CVE-2024-47870

Summary

Gradio, an open-source Python package for building AI demos, has a race condition (a bug where two operations interfere with each other due to timing) in its configuration function that lets attackers change the backend URL. This could redirect users to a fake server to steal login credentials or uploaded files, especially affecting Gradio servers accessible over the internet.

Solution / Mitigation

Upgrade to gradio>=5 (version 5 or newer). The source notes there are no known workarounds for this issue.

Vulnerability Details

CVSS Score

8.1(high)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-362

CAPEC (Attack Pattern)

CAPEC-26 CAPEC-29

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:47 PM

Classified by LLM (prompt v3) · confidence: 92%

CVE-2024-47870: Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition**