{"data":{"id":"0e47890e-821c-4d97-88f4-a6eac11a462c","title":"CVE-2026-43624: F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauth","summary":"F5-TTS (a text-to-speech software) through version 1.1.20 has a path traversal vulnerability (a flaw where attackers can access files outside the intended directory) in its finetune Gradio handlers (components that process fine-tuning requests). Unauthenticated attackers can exploit this by providing malicious project names that aren't checked, allowing them to write arbitrary files anywhere on the server's filesystem.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-43624","publishedAt":"2026-06-01T19:16:46.960Z","cveId":"CVE-2026-43624","cweIds":["CWE-22"],"cvssScore":"8.2","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["F5-TTS"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-01T19:16:46.960Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}