
F5 Tts

1 CVEs product


CVE-2026-43624 HIGH POC PATCH This Week

Arbitrary file write in F5-TTS through 1.1.20 allows unauthenticated remote attackers to create directories and write attacker-controlled JSON anywhere the server process has write access by abusing unsanitized project_name parameters in the finetune Gradio interface. The flaw stems from passing user input directly to os.path.join(): supplying an absolute path bypasses the intended base directory entirely. Publicly available exploit code exists, and an upstream patch has been merged via PR #1294.

Path Traversal F5 Tts
NVD GitHub
CVSS 4.0: 8.8
EPSS: 0.1%
