CVE-2024-34510: Gradio before 4.20 allows credential leakage on Windows.
Summary
Gradio (a framework for building web interfaces for machine learning models) before version 4.20 has a vulnerability on Windows where credentials can be unintentionally revealed. The issue stems from improper encoding or escaping of output (meaning the software doesn't properly clean or protect sensitive information before displaying it).
Solution / Mitigation
Update Gradio to version 4.20 or later.
Vulnerability Details
7.5(high)
EPSS: 0.1%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-34510
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 92%