CVE-2026-43624

Published: Giu 01, 2026 Last Modified: Giu 01, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH 8,2
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: low

Description

AI Translation Available

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join() without validating the resulting path stays within the intended base directory. Attackers can supply absolute path arguments such as /tmp/EVIL to override the base directory entirely and create arbitrary directories with attacker-controlled JSON content at any filesystem path writable by the server process.

22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
https://github.com/SWivid/F5-TTS/commit/2f53ded68e5f69e248c…
https://github.com/SWivid/F5-TTS/commit/2f53ded68e5f69e248ceb200a51ef4d1dc647936
https://github.com/SWivid/F5-TTS/issues/1293
https://github.com/SWivid/F5-TTS/issues/1293
https://github.com/SWivid/F5-TTS/pull/1294
https://github.com/SWivid/F5-TTS/pull/1294
https://www.vulncheck.com/advisories/f5-tts-path-traversal-…
https://www.vulncheck.com/advisories/f5-tts-path-traversal-via-finetune-gradio-…