CVE-2026-8756
fishaudio · Bert-VITS2
A vulnerability has been found in the fishaudio Bert-VITS2 project up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c.
Executive summary
The fishaudio Bert-VITS2 project is affected by a security vulnerability that may expose systems to unauthorized exploitation.
Vulnerability
The vulnerability impacts the Bert-VITS2 software up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c. The specific technical root cause is currently unspecified, requiring users to monitor the project repository for formal security disclosures.
Business impact
With a CVSS score of 7.3, this vulnerability represents a High-severity risk to deployments of Bert-VITS2. An attacker could potentially leverage this flaw to compromise the host environment or manipulate model processing, leading to service disruption or unauthorized data access.
Remediation
Immediate Action: Verify your current version of Bert-VITS2 and upgrade to the latest stable release or commit provided by the upstream maintainers.
Proactive Monitoring: Audit environment logs for suspicious activity, particularly around the input processing modules of the VITS2 pipeline.
Compensating Controls: Restrict network access to the host running the software and ensure it is isolated from sensitive internal network segments.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Security teams should immediately assess their usage of the Bert-VITS2 project. Given the lack of specific technical details, maintaining a posture of least privilege and applying the latest available security updates is the most effective strategy for risk mitigation.