CVE-2026-43624

Published: Jun 1, 2026

Modified: Jun 1, 2026

PUBLISHED

CVSS v3.1

8.2

HIGH

Description

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join() without validating the resulting path stays within the intended base directory. Attackers can supply absolute path arguments such as /tmp/EVIL to override the base directory entirely and create arbitrary directories with attacker-controlled JSON content at any filesystem path writable by the server process.

Vendor	Product	Versions
SWivid	F5-TTS	affected `0 - <= 1.1.20` unaffected `2f53ded68e5f69e248ceb200a51ef4d1dc647936`

Weaknesses (CWE)

CWE-22

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

Low

References

https://github.com/SWivid/F5-TTS/issues/1293

technical-description

exploit

https://github.com/SWivid/F5-TTS/pull/1294

issue-tracking

https://github.com/SWivid/F5-TTS/commit/2f53ded68e5f69e248ceb200a51ef4d1dc647936

patch

https://www.vulncheck.com/advisories/f5-tts-path-traversal-via-finetune-gradio-py-create-data-project

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43624

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References