Race condition in update_root_in_config may redirect user traffic in Gradio
Description
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a race condition in the update_root_in_config function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition. Users are advised to upgrade to gradio>=5 to address this issue. There are no known workarounds for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A race condition in Gradio's update_root_in_config allows an attacker to redirect user traffic to a malicious server, potentially intercepting sensitive data.
Vulnerability
Description
Gradio is an open-source Python package for building machine learning web interfaces. A race condition exists in the update_root_in_config function, which sets the root URL used by the frontend to communicate with the backend. Due to improper synchronization, an attacker can race to modify this URL before it is set or used, redirecting traffic to a malicious server. [2][4]
Exploitation
Exploitation requires the attacker to send requests to the Gradio server concurrently during the configuration update. This is particularly feasible for internet-exposed Gradio instances. The attacker can change the root URL to a server they control, intercepting user communications. [2][4]
Impact
Users connecting to the Gradio server may have their authentication credentials, uploaded files, or other sensitive data intercepted by the malicious server, leading to data theft or account compromise. [2][4]
Mitigation
This issue is patched in Gradio version 5 and above. Users are advised to upgrade immediately. There is no known workaround. [2][4]
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gradioPyPI | < 5.0.0 | 5.0.0 |
Affected products
2- gradio-app/gradiov5Range: < 5.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-xh2x-3mrm-fwqmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-47870ghsaADVISORY
- github.com/gradio-app/gradio/security/advisories/GHSA-xh2x-3mrm-fwqmghsax_refsource_CONFIRMWEB
- github.com/pypa/advisory-database/tree/main/vulns/gradio/PYSEC-2024-218.yamlghsaWEB
News mentions
0No linked articles in our index yet.