HIGH 8.2

CVE-2026-43624: F5-TTS Path Traversal Vulnerability (CVSS 8.2)

F5-TTS versions up to 1.1.20 contain a path traversal vulnerability in their finetune Gradio interface that lets unauthenticated attackers write files anywhere on the server's filesystem. The flaw stems from inadequate validation of project names before they're used in file system operations. An attacker can bypass the intended directory boundary by supplying absolute paths (like /tmp/EVIL) and create malicious files with arbitrary content in locations the web server can access. No authentication is required to exploit this.

Source data · NVD / CISA · public domain

CVSS
3.1 · 8.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Weaknesses (CWE)
CWE-22
Affected products
0 configuration(s)
Published / Modified
2026-06-01 / 2026-06-17

NVD description (verbatim)

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join() without validating the resulting path stays within the intended base directory. Attackers can supply absolute path arguments such as /tmp/EVIL to override the base directory entirely and create arbitrary directories with attacker-controlled JSON content at any filesystem path writable by the server process.

4 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability exists in the finetune Gradio handlers where unsanitized user-supplied project names are passed directly to os.path.join() without path canonicalization or validation that the resulting path remains within the base directory. An attacker can supply an absolute path as the project name parameter, which will override the base directory context and allow file creation at any writable location. The attacker can control the content of created JSON files, enabling them to inject malicious configurations or data. The issue affects F5-TTS through version 1.1.20 and requires no authentication or user interaction.

Business impact

Successful exploitation could allow an attacker to compromise the integrity of the F5-TTS server and potentially the applications or systems that depend on it. An attacker could inject malicious configuration files, overwrite critical application files, or place executable content in startup directories. This could lead to arbitrary code execution if the injected files are subsequently processed by the application or system. For organizations using F5-TTS in production environments, this represents a significant risk to availability and confidentiality if combined with other attack vectors.

Affected systems

F5-TTS versions 1.1.20 and earlier are affected. The vulnerability is exposed through the finetune Gradio handlers, which are web-accessible endpoints. Any deployment of F5-TTS that has the finetune interface exposed to network access is at risk, regardless of internal or external network placement.

Exploitability

This vulnerability has a low barrier to exploitation. No authentication is required, the attack vector is network-based, and the complexity is low. An attacker only needs to craft an HTTP request with a malicious project name parameter containing an absolute path. The attack can be automated and scaled. However, actual impact depends on filesystem permissions of the server process and what writable locations exist on the target system. The vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities catalog, but the straightforward nature of the flaw means public exploitation tooling could emerge rapidly once public disclosure is complete.

Remediation

Upgrade F5-TTS to a version newer than 1.1.20 that includes validation of project names. Organizations unable to upgrade immediately should implement network-level controls to restrict access to the finetune Gradio endpoints, ideally limiting exposure to trusted internal networks only. Disable the finetune functionality if it is not required for operations.

Patch guidance

Apply the latest F5-TTS update available from F5 that addresses path traversal input validation. Verify against the F5 security advisory that your upgraded version includes explicit path sanitization and validation to ensure project names cannot contain path traversal sequences or absolute paths. Test the upgrade in a non-production environment before deployment to confirm finetune functionality operates as expected.

Detection guidance

Monitor HTTP request logs for the finetune Gradio endpoints for suspicious project name parameters. Look for requests containing absolute paths (starting with /), path traversal sequences (../, ..), or unusual directory names. Log and alert on any HTTP requests to finetune handlers that include characters such as / or \ in the project name field. Inspect the filesystem for unexpected directories or JSON files created outside the intended finetune project directory structure. Check server process logs for file creation errors or permission denied messages that may indicate failed exploitation attempts.

Why prioritize this

This vulnerability rates HIGH severity and should be prioritized for remediation because it allows unauthenticated remote file write without requiring user interaction. The CVSS score of 8.2 reflects the ease of exploitation and significant integrity impact. Although it does not provide direct confidentiality compromise, the ability to write arbitrary files creates a stepping stone to code execution or configuration tampering. Organizations running F5-TTS should treat this as urgent.

Risk score, explained

The CVSS 3.1 score of 8.2 (HIGH) is driven by: network-accessible attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high integrity impact (I:H) from arbitrary file write. The availability impact is rated as low (A:L) because denial of service is possible but not the primary impact. The unchanged scope (S:U) indicates the vulnerability does not cross trust boundaries. The absence of confidentiality impact (C:N) prevents a critical rating, but the combination of ease and integrity damage justifies HIGH severity.

Frequently asked questions

Could an attacker use this to execute code directly?

Not directly through the file write alone. However, writing to certain filesystem locations—such as application startup directories, library paths, or configuration files that are subsequently executed—could enable code execution. The actual risk depends on the deployment environment and what processes run with the affected server's privileges.

Do I need to be on a public network to be at risk?

No. The vulnerability is exploitable from any network (internal or external) that can reach the finetune Gradio endpoints. Organizations should assume their F5-TTS instances are at risk unless network access is explicitly restricted via firewall rules or other controls.

What if I can't upgrade immediately?

Implement firewall rules to block or restrict access to the finetune Gradio handlers to only trusted IP addresses or internal networks. Disable the finetune feature entirely if it is not in active use. Monitor file system activity and HTTP logs closely for signs of exploitation. Plan an expedited upgrade as soon as a patched version is available.

Is this vulnerability actively being exploited?

As of the latest information, this vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog. However, path traversal flaws in web interfaces are well-understood attack patterns, and exploit code could be developed and published quickly once the vulnerability becomes widely known.

This analysis is provided for informational purposes to support vulnerability management and risk prioritization. The information is based on the CVE record and publicly available details as of the publication date. Actual exploitation impact may vary based on deployment configuration, network access controls, and the specific version in use. Organizations should verify patch availability and compatibility with their environment before deploying updates. SEC.co does not warrant the accuracy or completeness of this analysis and recommends consultation with F5 support and internal security teams for environment-specific guidance. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).