3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1035 more potentially affected by CVE-2026-27167 via gradio (>=4.16.0 <=6.4.0)

gradio PYPI version =4.16.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.4, =0.1.11 and more Source cves: CVE-2026-27167 Source advisory: OSV:GHSA-H3H8-3V2V-RG7M...

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +692 more potentially affected by CVE-2026-27167 via gradio (>=6.0.0 <=6.4.0)

gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-27167 Source advisory: SNYK:PYTHON-GRADIO-15366402...

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1035 more potentially affected by CVE-2026-27167 via gradio (>=4.16.0 <=6.4.0)

gradio PYPI version =4.16.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.4, =0.1.11 and more Source cves: CVE-2026-27167 Source advisory: OSV:PYSEC-2026-63...

CVE-2026-27167 Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components e.g. gr.LoginButton are used. When a user visi...

CVE-2026-27167

creationtimestamp| type| source ---|---|--- 2026-02-27 20:23:08+00:00| published-proof-of-concept| https://github.com/gradio-app/gradio/security/advisories/GHSA-h3h8-3v2v-rg7m 2026-03-01 01:10:21+00:00| seen| https://gist.github.com/alon710/b9cbc8bb91819a5e8479c60ca815f5c4 2026-03-02...