Skip to main content

Bert-VITS2 CVE-2026-8756

| EUVDEUVD-2026-30702 MEDIUM
Path Traversal (CWE-22)
2026-05-17 cna@vuldb.com GHSA-g26q-578c-pc62
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
May 17, 2026 - 13:30 vuln.today

DescriptionCVE.org

A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generate_config of the file webui_preprocess.py of the component Gradio Interface. Such manipulation of the argument data_dir leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Path traversal in fishaudio Bert-VITS2's Gradio web interface allows remote unauthenticated attackers to read or write arbitrary files on the server filesystem via the generate_config function's data_dir parameter. Public exploit code exists (disclosed via VulDB and GitHub Gist). EPSS data unavailable; CVSS 5.5 (Medium) but CVSS 4.0 vector shows network-accessible, no authentication required (AV:N/PR:N), making this readily exploitable against any internet-exposed instance. Vendor non-responsive to early disclosure attempt, indicating no official patch available.

Technical ContextAI

Bert-VITS2 is a voice cloning and text-to-speech system using BERT models and VITS2 architecture, exposing functionality via a Gradio web interface. The vulnerability resides in webui_preprocess.py's generate_config function, which processes user-supplied data_dir parameters without proper path validation (CWE-22: Improper Limitation of a Pathname to a Restricted Directory). The Gradio framework provides HTTP endpoints for model preprocessing tasks, and insufficient input sanitization allows attackers to inject path traversal sequences (e.g., '../../../etc/passwd') to escape intended directory boundaries. The CVSS vector VC:L/VI:L/VA:L indicates limited confidentiality, integrity, and availability impacts, suggesting partial file access rather than full system compromise, though exact impact depends on filesystem permissions of the Gradio process.

RemediationAI

No vendor-released patch identified at time of analysis-maintainer did not respond to early disclosure. Users must apply community-sourced mitigations or downstream forks with fixes. Immediate action: review GitHub repository commits after 8f7fbd8c4770965225d258db548da27dc8dd934c for path validation improvements in webui_preprocess.py; apply any available sanitization patches from community forks. Specific compensating controls: (1) Restrict Gradio interface to localhost only (bind to 127.0.0.1) if remote access not required-eliminates network attack vector but breaks legitimate remote use cases. (2) Deploy reverse proxy (nginx/Apache) with strict input validation on data_dir parameters to reject '../' sequences-requires regex tuning to avoid breaking valid relative paths. (3) Run Gradio process under a dedicated low-privilege user with chroot jail or containerization (Docker with read-only root filesystem)-limits file access scope but requires infrastructure changes. (4) Implement Web Application Firewall rules to block requests containing path traversal patterns-may trigger false positives on legitimate filenames. Each mitigation trades functionality or deployment complexity against risk reduction. Monitor upstream repository (https://github.com/fishaudio/Bert-VITS2) for official fixes post-disclosure.

Share

CVE-2026-8756 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy