CVE-2026-31249
Insecure Deserialization in CosyVoice Data Processing Tool
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| funaudiollm | cosyvoice | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-31249 is an insecure deserialization vulnerability in the CosyVoice make_parquet_list.py data processing tool. The tool loads PyTorch .pt files using torch.load() without enabling the weights_only=True security parameter. This allows the deserialization of arbitrary Python objects via the pickle module.
An attacker can exploit this vulnerability by providing malicious .pt files within a data directory. When the victim processes this directory using the tool, arbitrary code can be executed on the victim's system.
How can this vulnerability impact me?
This vulnerability can lead to arbitrary code execution on the victim's system when processing malicious .pt files. This means an attacker could run any code they choose, potentially leading to system compromise, data theft, or further attacks.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the insecure deserialization vulnerability in CosyVoice's make_parquet_list.py tool, pass weights_only=True whenever the tool loads PyTorch .pt files with torch.load(). This prevents arbitrary code execution by restricting deserialization to only tensor weights.
Additionally, avoid processing untrusted or malicious .pt files within data directories, as these can exploit the vulnerability by executing arbitrary code during deserialization.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves insecure deserialization in the make_parquet_list.py tool of CosyVoice, which loads .pt files using torch.load() without the weights_only=True parameter. Detection focuses on identifying where this script is run against untrusted .pt files.
To detect potential exploitation or presence of malicious .pt files, you can:
- Check if the make_parquet_list.py script is being run on your system.
- Audit the directories containing .pt files for unexpected or untrusted files.
- Monitor execution logs or system calls related to torch.load() usage without the weights_only=True parameter.
Specific commands might include:
- Use file system commands to find .pt files, e.g., `find /path/to/data -name '*.pt'`
- Check running processes or recent command history for execution of make_parquet_list.py, e.g., `ps aux | grep make_parquet_list.py` or `grep make_parquet_list.py ~/.bash_history`
- If possible, add logging or debugging to the script to verify if torch.load() is called without weights_only=True.
Note: No explicit detection commands or tools are provided in the available resources.