CVE-2026-8756: A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted elem
highvulnerability
security
Summary
A path traversal vulnerability (a type of attack where an attacker manipulates file paths to access files outside the intended directory) was found in fishaudio Bert-VITS2, specifically in the generate_config function of the Gradio Interface (a web-based tool for interacting with AI models). The vulnerability can be triggered remotely by manipulating the data_dir argument, and the exploit is now publicly known.
Vulnerability Details
CVSS Score
7.3(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
network
Attack Complexity
low
Privileges Required
none
User Interaction
none
Disclosure Date
May 17, 2026
Classification
Attack Type
Other
Attack SophisticationTrivial
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-8756
First tracked: May 17, 2026 at 02:10 PM
Classified by LLM (prompt v3) · confidence: 85%