Gradio Patches Critical SSRF Vulnerability in Version 6 Update — Users Urged to Upgrade Immediately
The maintainers of Gradio, the popular open-source framework for building machine learning applications, have addressed a critical server-side request forgery (SSRF) vulnerability tracked as CVE-2026-28416. The flaw resided in the configuration-processing logic behind `gr.load()`: a malicious `proxy_url` value in the externally loaded configuration could steer the server into issuing requests to destinations of the attacker's choosing. The vulnerability, catalogued under GitHub Advisory GHSA-jmh7-g254-2cq9, is fixed in Gradio 6.0.0; the dependency bump that prompted this notice moves a pinned 5.35.0 to that release.
The SSRF vector lay in how Gradio handled external configuration loading through `gr.load()`, which pulls configuration from a remote source rather than from the operator's own code. By planting a crafted `proxy_url` value in that configuration, an attacker could compel a vulnerable Gradio instance to make HTTP requests to internal services, cloud provider metadata endpoints, or other resources that are reachable from the server but not from the public internet. Because the requests originate from the server's own network position, they inherit its reachability and, in the case of a cloud metadata service, can return instance credentials. This class of vulnerability is particularly dangerous where Gradio powers internal tooling, since it turns the application into a bridge for reconnaissance and lateral movement.
Users running Gradio versions prior to 6.0.0 are advised to upgrade as soon as operationally feasible. The automated dependency management tool Renovate initiated this security-focused version bump, an increasingly common way to shorten the window between a fix being published and it reaching deployments. Organizations that cannot upgrade immediately should restrict what `gr.load()` is pointed at to sources they control and apply network-level egress controls to Gradio workloads, in particular blocking access to cloud metadata addresses (on AWS, also requiring IMDSv2, whose token round-trip defeats a plain GET-based SSRF) and to internal service endpoints.
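As an added illustration of the egress restriction recommended above (this is example code written for this note, not Gradio's own code and not the upstream fix), the following Python helper decides whether a URL taken from untrusted configuration may be fetched server-side. It rejects non-HTTP schemes, embedded credentials, a small hostname denylist, and any destination that resolves into loopback, private, CGNAT, link-local (including the 169.254.169.254 metadata address) or IPv4-mapped equivalents. The resolver is injected so the demo runs offline; `FAKE_DNS`, `fake_getaddrinfo` and every hostname in it are constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}

# Hostnames that must never be fetched regardless of what they resolve to.
# Partial list; extend it for your environment.
BLOCKED_HOSTNAMES = {"localhost", "metadata.google.internal"}

# Address ranges that untrusted input must never steer the server toward:
# loopback, RFC 1918, CGNAT, link-local (which includes the 169.254.169.254
# cloud metadata address) and their IPv6 counterparts. Not exhaustive.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "100.64.0.0/10",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def _unmap(ip):
    """Treat IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) as their IPv4 form."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def check_proxy_target(url, resolver=socket.getaddrinfo):
    """Decide whether the server may request `url` on behalf of untrusted
    configuration. Returns (allowed, reason).

    `resolver` has socket.getaddrinfo's signature; it is injectable so the
    check can be exercised offline.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parsed.scheme!r} not allowed"
    if parsed.username or parsed.password:
        return False, "credentials embedded in URL"
    host = parsed.hostname
    if not host:
        return False, "no hostname"
    host = host.rstrip(".")
    if host in BLOCKED_HOSTNAMES:
        return False, f"hostname {host!r} is blocked"

    # IP literals are checked directly; names go through DNS, and every
    # returned address must be acceptable (split-horizon answers are refused).
    try:
        addresses = {ipaddress.ip_address(host)}
    except ValueError:
        try:
            infos = resolver(host, None)
        except socket.gaierror as exc:
            return False, f"cannot resolve {host!r}: {exc}"
        addresses = {ipaddress.ip_address(info[4][0]) for info in infos}
        if not addresses:
            return False, f"{host!r} resolved to nothing"

    for ip in addresses:
        candidate = _unmap(ip)
        for net in BLOCKED_NETWORKS:
            if candidate in net:
                return False, f"{host!r} -> {ip} is inside blocked range {net}"
    return True, "ok"


# Constructed, offline stand-in for socket.getaddrinfo; the hostnames and the
# addresses they map to are made up for this demonstration.
FAKE_DNS = {
    "public-model-host.example": ["8.8.8.8"],        # any globally routable address
    "internal-service.corp": ["10.0.0.5"],
    "split-horizon.example": ["8.8.4.4", "10.0.0.6"],  # one public, one private answer
}


def fake_getaddrinfo(host, port, *args, **kwargs):
    if host not in FAKE_DNS:
        raise socket.gaierror(-2, "Name or service not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP, "", (ip, port or 0))
            for ip in FAKE_DNS[host]]


if __name__ == "__main__":
    for url in (
        "https://public-model-host.example/config",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:169.254.169.254]/",
        "http://internal-service.corp/v1",
        "http://metadata.google.internal/computeMetadata/v1/",
    ):
        print(url, check_proxy_target(url, resolver=fake_getaddrinfo))
```

Two caveats apply to any check of this shape. It resolves the name once, so to avoid a DNS-rebinding race the HTTP client should connect to the address that was validated rather than resolving again, and HTTP redirects must be re-checked with the same function before being followed. It is also a second layer, not a substitute for the upgrade: an application-level allowlist can be bypassed by an encoding the check did not anticipate, whereas a network egress policy applies to every request the process makes.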