CVE-2026-10783

Exploit

EPSS 0.11%
Veröffentlicht 03.06.2026 23:30:12
Zuletzt bearbeitet 10.06.2026 18:06:38
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

gradio-app gradio Audio Cache Key save_audio_to_cache weak hash

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The patch is named 13394. To fix this issue, it is recommended to deploy a patch.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gradio Project ≫ Gradio Version6.14.0 SwPlatformpython

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.013

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	2.5	1	1.4	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	1.1	0	0	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	1	1.5	2.9	AV:L/AC:H/Au:S/C:P/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

CWE-328 Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

https://github.com/gradio-app/gradio/

Product

https://vuldb.com/vuln/368140

Third Party Advisory

VDB Entry

https://vuldb.com/vuln/368140/cti

VDB Entry

Permissions Required

https://vuldb.com/cve/CVE-2026-10783

Third Party Advisory

VDB Entry

https://vuldb.com/submit/831451

Third Party Advisory

VDB Entry

https://github.com/gradio-app/gradio/issues/13395

Exploit

Issue Tracking

https://github.com/gradio-app/gradio/pull/13394

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-10783

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-10783

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-10783

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-10783