CVE-2026-43624 F5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project()

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...