CVE-2026-43624 in F5-TTSИнформация

Сводка

по MITRE • 01.06.2026

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join() without validating the resulting path stays within the intended base directory. Attackers can supply absolute path arguments such as /tmp/EVIL to override the base directory entirely and create arbitrary directories with attacker-controlled JSON content at any filesystem path writable by the server process.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

VulnCheck

Резервировать

01.05.2026

Раскрытие

01.06.2026

Модерация

принято

Вход

VDB-367732

CPE

готов

CWE

CWE-22 (Подтверждённый)

CVSS

8.2 (CNA)

EPSS

0.00085

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-43624
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-43624
CVE Details	https://www.cvedetails.com/cve/CVE-2026-43624/

◂ Предыдущий Обзор Далее ▸

Want to know what is going to be exploited?

We predict KEV entries!