{"data":{"id":"ec68e803-e614-4ee9-bba2-f3e2209097cf","title":"CVE-2026-8756: A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted elem","summary":"A path traversal vulnerability (a type of attack where an attacker manipulates file paths to access files outside the intended directory) was found in fishaudio Bert-VITS2, specifically in the generate_config function of the Gradio Interface (a web-based tool for interacting with AI models). The vulnerability can be triggered remotely by manipulating the data_dir argument, and the exploit is now publicly known.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-8756","publishedAt":"2026-05-17T13:16:46.410Z","cveId":"CVE-2026-8756","cweIds":["CWE-22"],"cvssScore":"7.3","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["fishaudio Bert-VITS2"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-17T13:16:46.410Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}