Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 03 Jun 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Swivid
Swivid f5-tts |
|
| Vendors & Products |
Swivid
Swivid f5-tts |
Mon, 01 Jun 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 01 Jun 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join() without validating the resulting path stays within the intended base directory. Attackers can supply absolute path arguments such as /tmp/EVIL to override the base directory entirely and create arbitrary directories with attacker-controlled JSON content at any filesystem path writable by the server process. | |
| Title | F5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project() | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-23T16:16:32.972Z
Reserved: 2026-05-01T18:22:45.640Z
Link: CVE-2026-43624
Updated: 2026-06-01T18:58:28.919Z
Status : Deferred
Published: 2026-06-01T19:16:46.960
Modified: 2026-06-02T14:43:49.920
Link: CVE-2026-43624
No data.
OpenCVE Enrichment
Updated: 2026-06-02T20:52:54Z