CVE-2026-43624
HIGHF5-TTS <= 1.1.20 - Unauthenticated Path Traversal and Arbitrary File Write via Gradio Project Name
Title source: llmDescription
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join() without validating the resulting path stays within the intended base directory. Attackers can supply absolute path arguments such as /tmp/EVIL to override the base directory entirely and create arbitrary directories with attacker-controlled JSON content at any filesystem path writable by the server process.
References (4)
Core 4
Core References
Issue Tracking
https://github.com/SWivid/F5-TTS/issues/1293
Issue Tracking
https://github.com/SWivid/F5-TTS/pull/1294
Scores
CVSS v3
8.2
EPSS
0.0039
EPSS Percentile
30.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Details
CWE
CWE-22
Status
published
Published
Jun 01, 2026
Tracked Since
Jun 02, 2026