CVE-2026-31249
Received Received - Intake
Insecure Deserialization in CosyVoice Data Processing Tool

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens) using torch.load() without enabling the weights_only=True security parameter. This allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by providing malicious .pt files within a data directory. When a victim processes this directory using the tool, arbitrary code is executed on the victim's system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-19
NVD
CVE-2026-31249
EUVD
EUVD-2026-29096
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
funaudiollm cosyvoice *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-31249 is an insecure deserialization vulnerability in the CosyVoice make_parquet_list.py data processing tool. The tool loads PyTorch .pt files using torch.load() without enabling the weights_only=True security parameter. This allows the deserialization of arbitrary Python objects via the pickle module.

An attacker can exploit this vulnerability by providing malicious .pt files within a data directory. When the victim processes this directory using the tool, arbitrary code can be executed on the victim's system.

Impact Analysis

This vulnerability can lead to arbitrary code execution on the victim's system when processing malicious .pt files. This means an attacker could run any code they choose, potentially leading to system compromise, data theft, or further attacks.

Mitigation Strategies

To mitigate the insecure deserialization vulnerability in CosyVoice's make_parquet_list.py tool, ensure that when loading PyTorch .pt files using torch.load(), the parameter weights_only=True is enabled. This prevents arbitrary code execution by restricting deserialization to only tensor weights.

Additionally, avoid processing untrusted or malicious .pt files within data directories, as these can exploit the vulnerability by executing arbitrary code during deserialization.

Detection Guidance

This vulnerability involves insecure deserialization in the make_parquet_list.py tool of CosyVoice when loading .pt files using torch.load() without the weights_only=True parameter. Detection would focus on identifying usage of this script processing untrusted .pt files.

To detect potential exploitation or presence of malicious .pt files, you can:

  • Check if the make_parquet_list.py script is being run on your system.
  • Audit the directories containing .pt files for unexpected or untrusted files.
  • Monitor execution logs or system calls related to torch.load() usage without the weights_only=True parameter.

Specific commands might include:

  • Use file system commands to find .pt files, e.g., `find /path/to/data -name '*.pt'`
  • Check running processes or recent command history for execution of make_parquet_list.py, e.g., `ps aux | grep make_parquet_list.py` or `grep make_parquet_list.py ~/.bash_history`
  • If possible, add logging or debugging to the script to verify if torch.load() is called without weights_only=True.

Note: No explicit detection commands or tools are provided in the available resources.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31249. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart