VYPR
High severity · NVD Advisory · Published Oct 10, 2024 · Updated Oct 11, 2024

Lack of integrity check on the downloaded FRP client in Gradio

CVE-2024-47867

Description

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file's checksum or signature. Any users utilizing the Gradio server's sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn't been tampered with.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Gradio lacks integrity verification for downloaded FRP client, allowing potential binary replacement via MITM or compromised URL.

Vulnerability

Details

CVE-2024-47867 describes a lack of integrity check on the FRP (Fast Reverse Proxy) client downloaded by the Gradio server when using its sharing mechanism. The server does not verify the binary's checksum or cryptographic signature before execution, meaning any tampering with the downloaded file goes undetected [1][2].

Exploitation

Scenario

An attacker who can intercept the remote URL from which the FRP client is fetched—for example, through a man-in-the-middle (MITM) attack or by compromising the download source—could replace the legitimate binary with a malicious one. The Gradio server then executes the tampered client, without any integrity verification [4].

Impact

Users who rely on Gradio's sharing feature (which downloads the FRP client to create a public tunnel) are at risk. A malicious binary could execute arbitrary code on the user's machine, potentially leading to data exfiltration, system compromise, or further network attacks. The vulnerability is particularly critical for users deploying Gradio in production or sharing sensitive models [2].

Mitigation

Gradio version 5.0 and later include a fix that verifies the integrity of the downloaded FRP client. Users are strongly advised to upgrade. There is no direct workaround for older versions, but administrators can implement manual checksum or signature verification in their deployment scripts as a temporary measure [4].
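The manual workaround described above (pin a known-good digest, verify the download against it before the binary is ever executed) can be implemented as a small pin-and-verify step in a deployment script. The code below is an added example written for this page; it is neither Gradio's own code nor the fix shipped in 5.0. It assumes the expected SHA-256 is obtained out of band (release notes, a signed manifest, or a value committed to your own deployment repository), never from the same URL the binary is fetched from; the sample bytes and digest are constructed stand-ins, and `install_verified_binary` is a hypothetical helper name.

```python
"""Pin-and-verify pattern for a downloaded helper binary such as an FRP client.

Added example, not Gradio's own code. The pinned digest is assumed to come
from a trusted out-of-band source, never from the download server itself.
"""
import hashlib
import hmac
import os
import stat
import tempfile
from pathlib import Path


class IntegrityError(Exception):
    """Raised when a downloaded file does not match its pinned digest."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_digest(path, expected_hex: str) -> bool:
    """Constant-time comparison of the file's SHA-256 against the pinned value."""
    return hmac.compare_digest(sha256_of_file(path).lower(), expected_hex.lower())


def install_verified_binary(payload: bytes, dest, expected_hex: str) -> Path:
    """Write payload to a temp file beside dest, verify it, then atomically
    rename it into place. An unverified file is never left at dest and is
    never made executable."""
    dest = Path(dest)
    dest.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=dest.parent, prefix=".download-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(payload)
        if not verify_digest(tmp, expected_hex):
            raise IntegrityError(
                f"digest mismatch for {dest.name}: refusing to install")
        os.chmod(tmp, stat.S_IRWXU)   # owner rwx only, and only after verification
        os.replace(tmp, dest)         # atomic rename into the final location
    finally:
        if os.path.exists(tmp):       # only true if we failed before the rename
            os.remove(tmp)
    return dest


def demo() -> dict:
    """Run the pattern on constructed data (no real binary, no network)."""
    # Constructed stand-in for a downloaded client. In a real deployment the
    # pinned digest is recorded in advance from a trusted source; here it is
    # derived from the constructed sample purely to make the demo self-contained.
    genuine = b"constructed stand-in for frpc release bytes\n"
    pinned = sha256_hex(genuine)
    tampered = genuine + b"# injected content\n"

    with tempfile.TemporaryDirectory() as d:
        dest = Path(d) / "frpc"
        install_verified_binary(genuine, dest, pinned)
        good_installed = dest.read_bytes() == genuine
        try:
            install_verified_binary(tampered, Path(d) / "frpc-tampered", pinned)
            tampered_rejected = False
        except IntegrityError:
            tampered_rejected = True
        # The rejected download must not leave a file (executable or not) behind.
        leftovers = [p.name for p in Path(d).iterdir() if p.name != "frpc"]
    return {
        "good_installed": good_installed,
        "tampered_rejected": tampered_rejected,
        "no_leftovers": leftovers == [],
    }


if __name__ == "__main__":
    print(demo())
```

The two design points worth keeping even if you adapt this: the executable bit is set only after the digest check passes, and the verified file reaches its final path through an atomic rename, so a concurrent launcher can never observe a half-written or unverified binary at the expected location.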

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions   Patched versions
gradio (PyPI)    < 5.0.0             5.0.0

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0 (no linked articles in our index yet)