CVE-2026-8756

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions fishaudio Bert-VITS2 versions up to 8f7fbd8c4770965225d258db548da27dc8dd934c

Description A path traversal issue exists in the Gradio Interface component. A remote attacker can manipulate the data dir argument within the generate config() function of the webui preprocess.py file to access files and directories outside the intended folder.

Recommendations Update fishaudio Bert-VITS2 to a version later than 8f7fbd8c4770965225d258db548da27dc8dd934c. As a temporary workaround, restrict access to the generate config() function in webui preprocess.py to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-8756

Affected Products

Bert-Vits2

CVE-2026-8756

Weakness Enumeration

Related Identifiers

Affected Products

References · 7