F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join() without validating the resulting path stays within the intended base directory. Attackers can supply absolute path arguments such as /tmp/EVIL to override the base directory entirely and create arbitrary directories with attacker-controlled JSON content at any filesystem path writable by the server process.
References
Configurations
No configuration.
History
01 Jun 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-01 19:16
Updated : 2026-07-14 21:16
NVD link : CVE-2026-43624
Mitre link : CVE-2026-43624
CVE.ORG link : CVE-2026-43624
JSON object : View
Products Affected
No product.
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
