CVE-2026-27167: Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
Gradio applications running outside of Hugging Face Spaces automatically enable “mocked” OAuth routes when OAuth components (e.g. gr.LoginButton) are used. When a user visits /login/huggingface, the server retrieves its own Hugging Face access token via huggingface_hub.get_token() and stores it in the visitor’s session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner’s HF token. The session cookie is signed with a hardcoded secret derived from the string "-v4", making the payload trivially decodable.
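The two weaknesses above, a server credential copied into a browser-held session and a session secret derived from a constant, can be checked for outside Gradio itself. The following stand-alone Python script is an added illustration written for this page; it is not Gradio's code and does not reproduce the real cookie format. It models a signed session cookie as an HMAC over a base64 JSON payload, contrasts a secret derived from a fixed string (the weak pattern the advisory describes) with a per-deployment secret from the environment, flags session payloads that carry credential-like keys, and tests a dependency version against the 6.6.0 release tag the advisory references (assumed here to be the first fixed release). The `SESSION_SECRET` variable name, the credential key list and the sha256 derivation of the weak secret are assumptions made for the example.

```python
"""Added example for CVE-2026-27167 (not Gradio's code): signed-session model,
weak-vs-hardened secret, credential-in-session check, and version triage."""
import base64
import hashlib
import hmac
import json
import os
import re
import secrets
from typing import Optional

# Release tag referenced by the advisory; assumed to be the first fixed version.
FIXED_VERSION = (6, 6, 0)


def parse_version(v: str) -> tuple:
    """Turn '6.5.1' into (6, 5, 1); pre-release suffixes such as 'rc1' are ignored."""
    parts = []
    for p in v.strip().split(".")[:3]:
        m = re.match(r"\d+", p)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the installed gradio is older than the referenced fix release."""
    return parse_version(version) < FIXED_VERSION


# Weak pattern: the signing key is derived from a constant in the source, so
# anyone who reads the code holds the same key. Constructed stand-in, not the
# real derivation.
WEAK_SECRET = hashlib.sha256(b"-v4").digest()


def load_session_secret() -> bytes:
    """Hardened pattern: a per-deployment secret from the environment (assumed
    variable name SESSION_SECRET), otherwise a fresh random one per process."""
    env = os.environ.get("SESSION_SECRET")
    return env.encode() if env else secrets.token_bytes(32)


def sign_session(payload: dict, secret: bytes) -> str:
    """Encode the payload and append an HMAC-SHA256 tag (simplified cookie model)."""
    body = base64.urlsafe_b64encode(
        json.dumps(payload, sort_keys=True).encode()).decode()
    tag = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_session(cookie: str, secret: bytes) -> Optional[dict]:
    """Return the payload if the tag matches under `secret`, else None."""
    body, _, tag = cookie.rpartition(".")
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


# Assumed list of key names that indicate a server credential inside a session.
CREDENTIAL_KEYS = {"access_token", "token", "hf_token", "oauth_token"}


def contains_credentials(payload: dict) -> bool:
    """Mitigation check: a browser-held session must never carry the server's own token."""
    return any(k.lower() in CREDENTIAL_KEYS for k in payload)


if __name__ == "__main__":
    # Constructed sample: a session that (wrongly) holds the server's token.
    bad_session = {"user": "demo", "access_token": "hf_EXAMPLE_PLACEHOLDER"}
    print("credentials in session:", contains_credentials(bad_session))

    # With a constant-derived key the tag verifies for anyone holding the source.
    weak_cookie = sign_session(bad_session, WEAK_SECRET)
    print("weak secret verifies:", verify_session(weak_cookie, WEAK_SECRET) is not None)

    # With a deployment-specific key the same cookie no longer verifies.
    strong_secret = load_session_secret()
    print("strong secret rejects weak cookie:", verify_session(weak_cookie, strong_secret) is None)

    for v in ("6.5.1", "6.6.0"):
        print(f"gradio {v} affected:", is_affected(v))
```

In a real deployment the secret should come from a secrets manager or environment rather than the source tree, and the session payload should hold only an identifier for the signed-in user; the server's own Hugging Face token never belongs in it.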
References
- github.com/advisories/GHSA-h3h8-3v2v-rg7m
- github.com/gradio-app/gradio
- github.com/gradio-app/gradio/commit/dfee0da06d0aa94b3c2684131e7898d5d5c1911e
- github.com/gradio-app/gradio/releases/tag/gradio@6.6.0
- github.com/gradio-app/gradio/security/advisories/GHSA-h3h8-3v2v-rg7m
- nvd.nist.gov/vuln/detail/CVE-2026-27167