CVE-2026-8755

Name of the Vulnerable Software and Affected Versions fishaudio Bert-VITS2 versions prior to 8f7fbd8c4770965225d258db548da27dc8dd934c

Description A path traversal flaw exists in the Model Handler component, specifically within the get all models() function of the hiyoriUI.py file. This issue allows a remote attacker to manipulate file paths to access unauthorized directories.

Recommendations Update fishaudio Bert-VITS2 to a version later than 8f7fbd8c4770965225d258db548da27dc8dd934c. As a temporary workaround, restrict access to the get all models() function in the hiyoriUI.py file to minimize the risk of exploitation.