CVE-2026-31250
Insecure Deserialization in CosyVoice Model Averaging Tool
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cosyvoice | cosyvoice | From 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid using the average_model.py tool to load PyTorch checkpoint files from untrusted or unverified directories.
Ensure that when using torch.load() in the model averaging tool, the weights_only=True parameter is enabled to prevent insecure deserialization.
Additionally, review and validate all checkpoint files before processing them with the tool to avoid executing malicious code.
Can you explain this vulnerability to me?
This vulnerability is an insecure deserialization issue in CosyVoice's average_model.py tool. The tool loads PyTorch checkpoint files using torch.load() without enabling the weights_only=True parameter, which means it deserializes the entire object using Python's pickle module. Because pickle can execute arbitrary code during deserialization, an attacker can craft malicious checkpoint files that, when loaded by the tool, execute arbitrary code on the victim's system.
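As an added example (not part of this CVE record and not CosyVoice's own code), the following Python shows the two defensive layers that the mitigation answer and the explanation above describe in words: a static scan of the pickle stream that lists every global it would import without executing anything, and a restricted unpickler that refuses any global outside an allowlist, which is the same idea that weights_only=True applies inside torch.load(). The allowlist contents, the helper names, the assumption that a modern .pt file is a zip archive whose pickle stream is the member ending in data.pkl, and the two sample streams are all constructed for this example; torch itself is never imported, and the "suspicious" sample references a harmless function so that nothing runs even if it were loaded unsafely.

```python
import io
import json
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Allowlist of globals a checkpoint may reference (an assumption for this example,
# modelled on what torch.load(weights_only=True) accepts: plain containers and the
# tensor-rebuild helpers, never anything that can run a command).
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "SHORT_BINSTRING", "BINSTRING"}


def referenced_globals(data: bytes) -> list:
    """Statically list every (module, name) pair the pickle would import.

    pickletools.genops only decodes opcodes, so nothing is executed. Only string
    pushes and memo slots are tracked, which is enough to resolve GLOBAL and
    STACK_GLOBAL, the two opcodes through which a pickle imports a callable.
    """
    found = []
    stack = []   # strings pushed so far (non-string objects are ignored)
    memo = {}    # memo slot -> string, so a BINGET of a reused module name resolves
    last = None  # most recent push, consumed by MEMOIZE/PUT
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            stack.append(arg)
            last = arg
        elif op.name == "MEMOIZE":
            memo[len(memo)] = last
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            if isinstance(last, str):
                stack.append(last)
        elif op.name == "GLOBAL":         # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
            last = None
        elif op.name == "STACK_GLOBAL":   # protocol 4+: module and name come from the stack
            if len(stack) >= 2:
                name, module = stack.pop(), stack.pop()
                found.append((module, name))
            else:
                found.append(("<unresolved>", "<unresolved>"))
            last = None
        else:
            last = None
    return found


def disallowed_globals(data: bytes, allowed=ALLOWED_GLOBALS) -> list:
    """Globals outside the allowlist; an empty list means the static check passed."""
    return [g for g in referenced_globals(data) if g not in allowed]


def disallowed_globals_in_checkpoint(path: str, allowed=ALLOWED_GLOBALS) -> list:
    """Run the static check on a saved .pt file before it reaches torch.load().

    Assumes the zip-based layout of newer torch.save() output, where the pickle
    stream is the archive member ending in data.pkl. The legacy non-zip layout
    concatenates several pickles and is rejected here rather than half-checked.
    """
    if not zipfile.is_zipfile(path):
        raise ValueError(f"{path}: not a zip-based checkpoint; refusing to guess its layout")
    with zipfile.ZipFile(path) as zf:
        members = [m for m in zf.namelist() if m.endswith("data.pkl")]
        return [g for m in members for g in disallowed_globals(zf.read(m), allowed)]


class RestrictedUnpickler(pickle.Unpickler):
    """Load-time guard: refuses to import any global that is not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name} from checkpoint")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_is_blocked(data: bytes) -> bool:
    """True when the restricted unpickler rejects the stream."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample streams standing in for the data.pkl of a checkpoint.
BENIGN = pickle.dumps(OrderedDict([("layer.weight", [0.1, 0.2])]), protocol=4)
# References json.dumps: harmless, but outside the allowlist, and imported through the
# same STACK_GLOBAL opcode a crafted file would use.
SUSPICIOUS = pickle.dumps(json.dumps, protocol=4)

if __name__ == "__main__":
    print("benign    :", disallowed_globals(BENIGN))      # []
    print("suspicious:", disallowed_globals(SUSPICIOUS))  # [('json', 'dumps')]
    print("blocked   :", load_is_blocked(SUSPICIOUS))     # True
```

The static scan is the cheap pre-check to run on files arriving from a download or a shared directory; the restricted unpickler is the guard for the load itself, and torch.load(..., weights_only=True) plays that second role for real checkpoints. Keeping both is deliberate: the scanner resolves only the straightforward opcode patterns a stock pickler emits, so anything it cannot resolve shows up as `<unresolved>` and should be treated as a failure, not ignored.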
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker can execute arbitrary code on your system by tricking the model averaging tool into loading malicious checkpoint files. This could lead to unauthorized actions such as data theft, system compromise, or further malware installation, depending on the attacker's intent and the privileges of the user running the tool.