VYPR
High severity · NVD Advisory · Published Oct 10, 2024 · Updated Oct 11, 2024

Insecure communication between the FRP client and server in Gradio

CVE-2024-47871

Description

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using share=True without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to gradio>=5 to address this issue. As a workaround, users can avoid using share=True in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Gradio's share=True option establishes an unencrypted FRP tunnel, letting attackers intercept uploaded files and modify traffic between client and server.

Vulnerability

Overview

CVE-2024-47871 concerns an insecure communication channel when Gradio uses share=True. In this mode, the FRP (Fast Reverse Proxy) client connects to Gradio's FRP server without enforcing HTTPS, leaving data transmitted over the tunnel unencrypted [1][2][4]. An attacker on the network path can therefore read any files uploaded to the Gradio demo and tamper with responses or other data exchanged between the client and the server [2][4].

Attack

Vector

Exploitation requires network access to the traffic between the FRP client and server. No authentication is needed beyond being able to observe or intercept the unencrypted communication link. Users who rely on share=True to publicly share Gradio demos over the internet are the primary targets, as their data flows through an external reverse proxy without transport-layer security [2][4]. The vulnerability does not require any special privileges or user interaction beyond the normal use of the shared demo.

Impact

A successful attacker can capture uploaded files and modify responses or data in transit, leading to information disclosure and potential data integrity compromises [2][4]. This is especially critical when sensitive datasets or model inputs are shared via Gradio's public sharing feature. The CVSS 4.0 score assigned by NVD reflects the high potential for confidentiality and integrity impact [2].

Mitigation

The official fix upgrades Gradio to version 5 or later, which enforces HTTPS for the FRP connection [2][4]. As a workaround, users should avoid using share=True in production and instead deploy Gradio on servers with HTTPS enabled to ensure end-to-end encryption [2][4]. No other workarounds have been provided, and the vulnerability is listed in the PyPA advisory database [3].
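As an added illustration of the workaround above (example code, not Gradio's own or the advisory's), the audit below parses a Gradio app's source for `.launch(share=True)` calls and reports them against the installed version boundary the advisory gives (< 5.0.0 affected). The constructed sample app shows the weak public-tunnel launch beside a self-hosted HTTPS launch using Gradio's `ssl_keyfile`/`ssl_certfile` parameters; the certificate paths are placeholders.

```python
"""Audit Gradio apps for CVE-2024-47871 exposure (added example, not Gradio's code)."""
import ast
import re
from typing import List, Tuple

# Boundary from the advisory: gradio < 5.0.0 does not enforce HTTPS on the FRP tunnel.
PATCHED_VERSION = (5, 0, 0)


def parse_version(text: str) -> Tuple[int, ...]:
    """Reduce a version string such as '4.44.1' to a comparable tuple of integers."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def is_vulnerable_version(installed: str) -> bool:
    return parse_version(installed) < PATCHED_VERSION


def find_share_launches(source: str) -> List[int]:
    """Line numbers of `.launch(...)` calls that pass the literal keyword share=True."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr != "launch":
            continue
        for kw in node.keywords:
            if kw.arg == "share" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                hits.append(node.lineno)
    return hits


def audit(source: str, installed_version: str) -> List[str]:
    """One finding per share=True launch; an empty list means nothing to report."""
    findings = []
    for lineno in find_share_launches(source):
        if is_vulnerable_version(installed_version):
            findings.append(f"line {lineno}: share=True on gradio {installed_version} "
                            "(CVE-2024-47871: FRP tunnel not HTTPS-enforced); upgrade to >=5.0.0")
        else:
            findings.append(f"line {lineno}: share=True; prefer self-hosting behind HTTPS in production")
    return findings


# Constructed sample app: the same demo launched via the public FRP tunnel and via HTTPS.
# The key/cert file names are placeholders, not real files.
SAMPLE_APP = """
import gradio as gr
demo = gr.Interface(fn=lambda s: s.upper(), inputs="text", outputs="text")
demo.launch(share=True)                                      # public FRP tunnel (flagged)
demo.launch(ssl_keyfile="key.pem", ssl_certfile="cert.pem")  # self-hosted over HTTPS
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_APP, "4.44.1"):
        print(finding)
```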

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions    Patched versions
gradio (PyPI)    < 5.0.0              5.0.0

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0

No linked articles in our index yet.