AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-47084: Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin v

highvulnerability

security

Source: NVD/CVE DatabaseOctober 10, 2024CVE-2024-47084

Summary

Gradio, an open-source Python package for prototyping, has a vulnerability in CORS origin validation (the security check that verifies requests come from trusted websites). When a cookie is present, the server fails to validate the request's origin, allowing attackers to trick users into making unauthorized requests to their local Gradio server, potentially stealing files, authentication tokens, or user data.

Solution / Mitigation

Users should upgrade to gradio>4.44. Alternatively, as a workaround, users can manually modify the CustomCORSMiddleware class in their local Gradio server code to bypass the condition that skips CORS validation for requests containing cookies.

Vulnerability Details

CVSS Score

8.3(high)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-285

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:47 PM

Classified by LLM (prompt v3) · confidence: 92%