Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-43624

Gravedad CVSS v4.0:
ALTA
Tipo:
CWE-22 Limitación incorrecta de nombre de ruta a un directorio restringido (Path Traversal)
Fecha de publicación:
01/06/2026
Última modificación:
02/06/2026

Descripción

*** Pendiente de traducción *** F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join() without validating the resulting path stays within the intended base directory. Attackers can supply absolute path arguments such as /tmp/EVIL to override the base directory entirely and create arbitrary directories with attacker-controlled JSON content at any filesystem path writable by the server process.