CVE ID :CVE-2026-48545 Published : May 27, 2026, 2:59 p.m. | 18 minutes ago Description :Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a parent-domain cookie that the shared client stores and automatically replays into all subsequent proxy requests to other legitimate Spaces, affecting all users of the same Gradio deployment. Severity: 7.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...