{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-8756/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-8756"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Bert-VITS2"],"_cs_severities":["high"],"_cs_tags":["path-traversal","web-application","cve-2026-8756"],"_cs_type":"threat","_cs_vendors":["fishaudio"],"content_html":"\u003cp\u003eA path traversal vulnerability, identified as CVE-2026-8756, affects fishaudio Bert-VITS2 up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c. This vulnerability is located within the generate_config function of the webui_preprocess.py file, which is part of the Gradio Interface component. A remote attacker can exploit this vulnerability by manipulating the \u003ccode\u003edata_dir\u003c/code\u003e argument, potentially leading to unauthorized file access or modification. The exploit has been publicly disclosed and may be actively used. The vendor was contacted but did not respond to the disclosure. Due to the lack of versioning in this project, affected and unaffected releases are not clearly defined.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a Bert-VITS2 instance running the vulnerable Gradio Interface.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003egenerate_config\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eWithin the request, the attacker manipulates the \u003ccode\u003edata_dir\u003c/code\u003e argument to include path traversal sequences (e.g., \u0026ldquo;../\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eThe server-side application processes the request, unsafely concatenating the attacker-controlled \u003ccode\u003edata_dir\u003c/code\u003e value.\u003c/li\u003e\n\u003cli\u003eThe application attempts to access a file or directory based on the manipulated path.\u003c/li\u003e\n\u003cli\u003eDue to the path traversal, the application accesses a resource outside of the intended directory.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive files or directories on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker may further exploit the accessed information to compromise the system, depending on the files retrieved.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could allow an attacker to read sensitive files, potentially including configuration files, source code, or data used by the Bert-VITS2 application. The attacker could leverage this access to escalate privileges, compromise other systems on the network, or cause denial of service. The lack of versioning makes it difficult to determine the scope of vulnerable deployments.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply input validation to the \u003ccode\u003edata_dir\u003c/code\u003e argument in the \u003ccode\u003egenerate_config\u003c/code\u003e function to prevent path traversal (reference: \u003ccode\u003ewebui_preprocess.py\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eImplement strict access controls to limit the files and directories that the Bert-VITS2 application can access.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect potential exploitation attempts by monitoring for path traversal sequences in HTTP requests targeting the Gradio Interface.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing path traversal sequences (reference: webserver logs).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-17T13:20:40Z","date_published":"2026-05-17T13:20:40Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-8756-bert-vits2-path-traversal/","summary":"A remote path traversal vulnerability exists in fishaudio Bert-VITS2's Gradio Interface, allowing attackers to manipulate the data_dir argument in the generate_config function of webui_preprocess.py.","title":"CVE-2026-8756: fishaudio Bert-VITS2 Path Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-8756-bert-vits2-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-8756","version":"https://jsonfeed.org/version/1.1"}