gradio-app gradio Audio Cache Key save_audio_to_cache weak hash_CVE-2026-10783

2 / 10

LOW

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The patch is named 13394. To fix this issue, it is recommended to deploy a patch.

Basic Information

ID CVE-2026-10783

Source VulDB

Published Jun 3, 2026 at 23:30

Affected Product

Vendor gradio-app

Product gradio

Version 6.14.0

Affected Versions gradio-app gradio 6.14.0

CWE Classification

CWE-328 CWE-327

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The patch is named 13394. To fix this issue, it is recommended to deploy a patch.",
    "published": "2026-06-03T23:30:12.545Z",
    "modified": "2026-06-03T23:30:12.545Z",
    "type": "cve",
    "title": "gradio-app gradio Audio Cache Key save_audio_to_cache weak hash",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/368140\nhttps://vuldb.com/vuln/368140/cti\nhttps://vuldb.com/cve/CVE-2026-10783\nhttps://vuldb.com/submit/831451\nhttps://github.com/gradio-app/gradio/issues/13395\nhttps://github.com/gradio-app/gradio/pull/13394\nhttps://github.com/gradio-app/gradio/",
    "id": "CVE-2026-10783",
    "bulletinFamily": "",
    "cwe": [
        "CWE-328",
        "CWE-327"
    ],
    "cvelist": null,
    "sourceData": "gradio-app gradio 6.14.0",
    "sourceHref": "",
    "cvss": {
        "score": 2,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "gradio",
    "version": "6.14.0",
    "vendor": "gradio-app",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}