CVE-2022-24770: `gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11
Summary
Gradio, a framework for building interactive machine learning demos, has a vulnerability in versions before 2.8.11: its flagging feature writes user-supplied data to a CSV file without escaping it, so crafted input can embed spreadsheet formulas in the file (CSV injection). If someone opens that CSV file in Excel or a similar spreadsheet program, the program interprets those cells as formulas and runs them on the user's computer.
Solution / Mitigation
Update gradio to version 2.8.11 or later; that release escapes saved CSV values with a single quote so that spreadsheet programs treat them as text rather than as formulas. As a workaround, avoid opening CSV files generated by gradio in Excel or similar spreadsheet programs.
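The mitigation above, as an added example that is not gradio's own code: a small Python helper that applies the same single-quote escaping when writing flagged rows, plus an audit routine that scans an existing CSV for cells a spreadsheet would evaluate as formulas. The set of trigger characters and the exemption for plain numeric strings are assumptions of this example, not taken from the gradio patch.

```python
import csv
import io
import re

# Leading characters that common spreadsheet applications interpret as the
# start of a formula. Assumption for this example: the set used in general
# CSV-injection guidance, not the list from gradio's own fix.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Plain numbers such as "-5" or "+3.2" also start with a trigger character but
# are harmless; leaving them unescaped keeps numeric columns usable.
_PLAIN_NUMBER = re.compile(r"^[+-]?\d+(\.\d+)?$")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would evaluate this cell as a formula."""
    return value.startswith(FORMULA_TRIGGERS) and not _PLAIN_NUMBER.match(value)


def escape_cell(value):
    """Neutralise a formula-like cell by prefixing a single quote.

    Spreadsheets treat a leading apostrophe as a text marker, which is the
    approach described in the gradio 2.8.11 fix. Non-string values pass through.
    """
    if isinstance(value, str) and is_formula_like(value):
        return "'" + value
    return value


def write_flagged_rows(rows, escape=True) -> str:
    """Serialise rows to CSV text; escape=False reproduces the vulnerable behaviour."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    for row in rows:
        writer.writerow([escape_cell(c) if escape else c for c in row])
    return buf.getvalue()


def audit_csv(text: str):
    """Return (row_index, col_index, value) for each unescaped formula-like cell.

    Useful for checking CSV files produced by an older gradio before they are
    opened in a spreadsheet.
    """
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                findings.append((r, c, cell))
    return findings


# Constructed sample data: one ordinary flagged row and one whose input cell
# would be evaluated as a formula by a spreadsheet.
SAMPLE_ROWS = [
    ["input", "output", "flag"],
    ["hello world", "HELLO WORLD", "correct"],
    ["=SUM(1,2)", "3", "wrong"],
]

if __name__ == "__main__":
    vulnerable = write_flagged_rows(SAMPLE_ROWS, escape=False)
    print("unescaped findings:", audit_csv(vulnerable))
    hardened = write_flagged_rows(SAMPLE_ROWS)
    print("escaped findings:", audit_csv(hardened))
    print(hardened)
```

Running the audit on the unescaped output reports the `=SUM(1,2)` cell; on the escaped output it reports nothing, because the stored value is `'=SUM(1,2)` and no longer begins with a trigger character. The numeric exemption is a judgement call: it keeps values like `-5` intact at the cost of one more rule to reason about, so drop it if the column is free-text only.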
Vulnerability Details
8.8 (high)
EPSS: 0.6%
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-24770
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 92%