AVID-2026-R1278

Description

Vulnerability CVE-2023-41626

Details

Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.

Reason for inclusion in AVID: CVE-2023-41626 describes an arbitrary file upload vulnerability in Gradio v3.27.0 via the /upload interface. Gradio is an AI/ML framework used to build and serve ML models and apps, placing this vulnerability squarely within AI software stacks. The issue is in a software component used to deploy AI solutions, not hardware/firmware. It is a security vulnerability (unrestricted file upload exposure). The CVE/NVD references provide explicit evidence.

References

• NVD entry
• https://gist.github.com/impose1/590472eb0544ef1ec36c8a5a40122adb

Affected or Relevant Artifacts

• Developer: n/a
• Deployer: n/a
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2023-09-15
• Version: 0.3.3
• AVID Entry