{
  "variant_id": "CVE-2026-49119-alt-payloads",
  "created_at": "2026-07-05T07:53:00Z",
  "variant_summary": "Alternate FileExplorer payloads (absolute path and multi-level relative traversal) trigger the same unvalidated path-join sink in FileExplorer.preprocess() on Gradio <6.16.0. The patched commit (6.16.0) blocks all tested payloads via safe_join, so this is not a bypass.",
  "relation": "variant",
  "origin_kind": "pruva_variant",
  "repository": "https://github.com/gradio-app/gradio.git",
  "submitted_target": {
    "target_kind": "git_commit",
    "commit_sha": "0d670adf41a0b510f7fd745495dce1664d38f0e5",
    "version": "<6.16.0",
    "ref": "0d670adf41a0b510f7fd745495dce1664d38f0e5",
    "display": "Gradio before 6.16.0 (0d670adf)"
  },
  "variant_target": {
    "target_kind": "git_commit",
    "commit_sha": "0d670adf41a0b510f7fd745495dce1664d38f0e5",
    "version": "<6.16.0",
    "ref": "0d670adf41a0b510f7fd745495dce1664d38f0e5",
    "display": "Gradio before 6.16.0 (0d670adf) - same commit, alternate payloads"
  },
  "same_root_cause_confidence": "high",
  "same_surface_confidence": "high",
  "claimed_surface": "api_remote",
  "validated_surface": "api_remote",
  "required_entrypoint_kind": "endpoint",
  "required_entrypoint_detail": "Gradio /gradio_api/run/predict endpoint with a FileExplorer input",
  "attacker_controlled_input": "FileExplorer path segments (absolute or multi-level relative traversal)",
  "trigger_path": "gradio/components/file_explorer.py:FileExplorer.preprocess() -> user-defined prediction function",
  "observed_impact_class": "info_leak",
  "exploitability_confidence": "high",
  "evidence_scope": "production_path",
  "runtime_manifest_present": true,
  "end_to_end_target_reached": true,
  "inferred": false,
  "claim_block_reason": "mitigated_by_patch",
  "blocking_mitigation": "Gradio 6.16.0 replaces unsafe os.path.join/os.path.normpath in FileExplorer.preprocess() with _safe_join, which raises InvalidPathError for absolute paths and any normalized relative path starting with ../.",
  "file_path": "gradio/components/file_explorer.py",
  "line_start": 149,
  "line_end": 156,
  "secondary_anchors": [
    {
      "file_path": "gradio/components/file_explorer.py",
      "line_start": 224,
      "line_end": 231
    },
    {
      "file_path": "gradio/utils.py",
      "line_start": 1767,
      "line_end": 1785
    }
  ],
  "review_scope_paths": [
    "gradio/components/file_explorer.py",
    "gradio/utils.py"
  ],
  "artifact_refs": {
    "variant_manifest": "bundle/vuln_variant/variant_manifest.json",
    "validation_verdict": "bundle/vuln_variant/validation_verdict.json",
    "runtime_manifest": "bundle/vuln_variant/runtime_manifest.json",
    "repro_log": "bundle/logs/vuln_variant/reproduction_steps.log",
    "root_cause_equivalence": "bundle/vuln_variant/root_cause_equivalence.json",
    "reproducer": [
      "bundle/vuln_variant/reproduction_steps.sh",
      "bundle/vuln_variant/variant_repro.py"
    ]
  }
}
