CVE-2026-49119
Summary
by MITRE • 07/01/2026
Gradio before 6.16.0 contains a path traversal vulnerability in the FileExplorer component's preprocess() method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide crafted path segments that cause os.path.join to discard the root_dir prefix entirely, resulting in arbitrary file read or exposure of sensitive files outside the intended directory.
Analysis
by VulDB Data Team • 07/01/2026
The flaw lies in the FileExplorer component's preprocess() method, which builds the path of a selected file by joining user-supplied path segments onto the configured root_dir without validating them. Two kinds of segment defeat that join. An absolute segment (one beginning with / on POSIX, or a drive or root on Windows) makes os.path.join discard every component before it, so root_dir drops out of the result entirely. A relative traversal segment such as .. survives the join untouched and, once the path is resolved, climbs out of root_dir. Either way the component ends up operating on a file outside the directory it was configured to expose. Versions prior to 6.16.0 are affected.
This is a textbook path traversal: the application relies on string concatenation to constrain file access and never checks that the resolved path still lies under root_dir. os.path.join is a lexical join, not a containment check, and was never designed to enforce such a boundary. An attacker who controls the segments can therefore select any file the Gradio process is able to read.
Operationally, any application that exposes a FileExplorer on Gradio before 6.16.0 is at risk. An unauthenticated attacker can read arbitrary files accessible to the server process: configuration files, database credentials, application source, log files, and other material that may hold session tokens, API keys or private keys. The practical impact is bounded only by what the process can read, which in single-user or containerised deployments is frequently everything the application itself needs.
The vulnerability aligns with CWE-22 Path Traversal and follows patterns consistent with ATT&CK technique T1083 File and Directory Discovery. This classification indicates the vulnerability enables adversaries to enumerate and access files outside of designated directories without proper authentication or authorization. The attack surface includes any application that utilizes the FileExplorer component with user-controllable path inputs, making it particularly dangerous in web applications where file access controls are critical for maintaining system integrity and data confidentiality.
The fix is to upgrade to Gradio 6.16.0 or later, which corrects the path handling in preprocess() so that root_dir is enforced during path resolution. Where an immediate upgrade is not possible, or for any code that joins untrusted segments onto a base directory, the correct pattern is to reject absolute segments and bare .. segments, resolve the joined path with os.path.realpath (which also follows symlinks), and then confirm with os.path.commonpath that the resolved path still sits under the resolved root_dir. Stripping ../ substrings is not sufficient on its own; the containment check on the resolved path is the control that actually enforces the boundary.
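The following example, added here and not taken from Gradio's source, shows both halves of the analysis above: an unsafe_join() that mirrors the trusting os.path.join pattern described in the advisory, and a safe_join() implementing the containment check the mitigation calls for. The function names, the demo() harness and the temporary directory layout it builds are assumptions for illustration; the behaviour of os.path.join, os.path.realpath and os.path.commonpath is standard Python.

```python
import os
import tempfile
from typing import Dict, List


def unsafe_join(root_dir: str, segments: List[str]) -> str:
    """The weak pattern from the advisory: every segment is trusted.

    os.path.join discards everything before an absolute segment, and
    ".." segments pass through the join untouched, so the result can
    point anywhere on the filesystem.
    """
    return os.path.join(root_dir, *segments)


def safe_join(root_dir: str, segments: List[str]) -> str:
    """Join user-supplied segments under root_dir, or raise ValueError.

    The per-segment filtering is defence in depth; the realpath +
    commonpath containment check is what actually enforces the boundary.
    """
    root = os.path.realpath(root_dir)
    for seg in segments:
        if not seg or seg in (".", ".."):
            raise ValueError(f"rejected segment {seg!r}")
        if os.path.isabs(seg) or os.sep in seg or (os.altsep and os.altsep in seg):
            raise ValueError(f"rejected segment {seg!r}")
    candidate = os.path.realpath(os.path.join(root, *segments))
    # realpath resolves symlinks, so a link inside root that points
    # outside root is caught here as well.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"{candidate!r} escapes {root!r}")
    return candidate


def _rejected(root_dir: str, segments: List[str]) -> bool:
    try:
        safe_join(root_dir, segments)
    except ValueError:
        return True
    return False


def demo() -> Dict[str, bool]:
    """Build a throwaway tree (constructed data) and exercise both joins."""
    results: Dict[str, bool] = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "root")
        os.makedirs(os.path.join(root, "reports"))
        allowed = os.path.join(root, "reports", "q1.csv")
        secret = os.path.join(tmp, "secret.txt")  # lives outside root_dir
        with open(allowed, "w") as fh:
            fh.write("ok")
        with open(secret, "w") as fh:
            fh.write("outside root")

        # Relative traversal: ".." survives the naive join and resolves
        # to a file outside root_dir.
        escaped = os.path.realpath(unsafe_join(root, ["..", "secret.txt"]))
        results["unsafe_dotdot_escapes"] = escaped == os.path.realpath(secret)

        # Absolute segment: os.path.join throws root_dir away entirely.
        results["unsafe_abs_discards_root"] = unsafe_join(root, [secret]) == secret

        # Legitimate access inside root still works with the hardened join.
        results["safe_allows_inside"] = (
            safe_join(root, ["reports", "q1.csv"]) == os.path.realpath(allowed)
        )

        payloads = [["..", "secret.txt"], [secret], ["reports/../../secret.txt"]]
        try:
            # A symlink passes every lexical filter; only the realpath
            # containment check stops it.
            os.symlink(secret, os.path.join(root, "link.txt"))
            payloads.append(["link.txt"])
        except OSError:
            pass  # symlinks unavailable on this platform; skip that case
        results["safe_rejects_all"] = all(_rejected(root, p) for p in payloads)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The symlink case is the reason the containment check is done on the output of os.path.realpath rather than on the joined string: a link that lexically sits inside root_dir can still resolve outside it, and a check on the unresolved path would let it through.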