PatchSiren cyber security CVE debrief
CVE-2026-8755 Unknown Vendor CVE debrief
CVE-2026-8755 describes a remotely reachable path traversal issue in the Bert-VITS2 Model Handler, specifically the _get_all_models function in hiyoriUI.py. The source description says the affected code is present up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c, that an exploit has been published, and that the vendor did not respond to early disclosure outreach. Because the product uses continuous delivery with rolling releases, no fixed affected or patched version numbers are provided in the source.
- Vendor
- Unknown Vendor
- Product
- Unknown
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-17
- Original CVE updated
- 2026-05-18
- Advisory published
- 2026-05-17
- Advisory updated
- 2026-05-18
Who should care
Operators of Bert-VITS2 deployments, especially internet-facing installations that expose the Model Handler or related UI endpoints. Security teams responsible for self-hosted AI/voice model services should treat this as a validation-and-triage item, with priority on systems that accept remote requests and manage local model paths.
Technical summary
The source data maps CVE-2026-8755 to CWE-22 path traversal in the Model Handler component. The vulnerable function is _get_all_models in hiyoriUI.py, and the issue is described as remotely triggerable. The practical security concern is that attacker-controlled path input may escape intended directory boundaries when model paths are processed, potentially exposing or manipulating filesystem content outside the expected model location.
Defensive priority
Medium priority, with higher urgency for exposed deployments. The CVSS score in the source is 5.5 (MEDIUM), but the presence of published exploitation and the remote attack vector make prompt validation important.
Recommended defensive actions
- Inventory Bert-VITS2 deployments and confirm whether hiyoriUI.py / Model Handler is reachable from untrusted networks.
- Review the current upstream commit state and compare it with 8f7fbd8c4770965225d258db548da27dc8dd934c to determine whether your deployed build includes the vulnerable code path.
- Apply any vendor or upstream remediation as soon as it becomes available; because the product uses rolling releases, rely on current commit/build state rather than version labels alone.
- Restrict network access to the UI and model-management surfaces until the risk is assessed.
- Add server-side validation to ensure model path inputs remain within approved directories and reject traversal sequences.
- Monitor filesystem and application logs for unexpected path resolution attempts or anomalous model-load activity.
- If the service must remain exposed, place it behind authentication and least-privilege filesystem permissions.
Evidence notes
All factual claims in this debrief are taken from the supplied CVE description and source metadata: CVE-2026-8755, CVSS 5.5/MEDIUM, CWE-22, vulnerable function _get_all_models in hiyoriUI.py, affected up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c, remote attackability, published exploit, continuous-delivery/rolling-release deployment model, and lack of vendor response. No fixed affected or updated versions are listed in the source corpus.
Official resources
Publicly disclosed on 2026-05-17 per the supplied CVE publication timestamp and source record. The source description states the vendor was contacted early but did not respond, and that an exploit has already been published.