CVE-2026-43624

🗓️ 01 Jun 2026 18:16:10Reported by VulnCheckType

CVE-2026-43624: F5-TTS up to 1.1.20 allows unauthenticated path traversal to write arbitrary files via finetune Gradio handlers.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-43624	1 Jun 202618:16	–	attackerkb
CNNVD	F5-TTS 路径遍历漏洞	1 Jun 202600:00	–	cnnvd
Cvelist	CVE-2026-43624 F5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project()	1 Jun 202618:16	–	cvelist
EUVD	EUVD-2026-33744	1 Jun 202618:16	–	euvd
NVD	CVE-2026-43624	1 Jun 202619:16	–	nvd
Positive Technologies	PT-2026-45518	1 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-43624	5 Jun 202619:23	–	redhatcve
Vulnrichment	CVE-2026-43624 F5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project()	1 Jun 202618:16	–	vulnrichment

Vulners

Node

swivid f5-ttsRange0–1.1.20

[
  {
    "defaultStatus": "affected",
    "vendor": "SWivid",
    "product": "F5-TTS",
    "repo": "https://github.com/SWivid/F5-TTS",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "1.1.20"
      },
      {
        "status": "unaffected",
        "version": "2f53ded68e5f69e248ceb200a51ef4d1dc647936",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
github	www.github.com/SWivid/F5-TTS/pull/1294
github	www.github.com/SWivid/F5-TTS/commit/2f53ded68e5f69e248ceb200a51ef4d1dc647936
vulncheck	www.vulncheck.com/advisories/f5-tts-path-traversal-via-finetune-gradio-py-create-data-project
github	www.github.com/SWivid/F5-TTS/issues/1293

17 Jun 2026 10:49Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.18.2

CVSS 48.8

EPSS0.00393

SSVC

CWE-22