CVE-2026-31250
Status: Received - Intake
Insecure Deserialization in CosyVoice Model Averaging Tool

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
CosyVoice through commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. The script loads PyTorch checkpoint files (epoch_*.pt) for model averaging using torch.load() without enabling the weights_only=True security parameter, so the full pickle stream is deserialized and arbitrary Python objects can be instantiated via the pickle module. An attacker can exploit this by placing malicious checkpoint files in a directory. When a victim uses the tool to average the models in that directory, arbitrary code is executed on the victim's system.
Meta Information
Generated: 2026-06-21
AI Q&A: 2026-05-11
EPSS Evaluated: 2026-06-19
Affected Vendors & Products (1 associated CPE)
Vendor: cosyvoice
Product: cosyvoice
Version / Range: From 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (exc)
Instant insights powered by AI
Executive Summary

This vulnerability is an insecure deserialization issue in CosyVoice's average_model.py tool. The tool loads PyTorch checkpoint files using torch.load() without enabling the weights_only=True parameter, which means it deserializes the entire object using Python's pickle module. Because pickle can execute arbitrary code during deserialization, an attacker can craft malicious checkpoint files that, when loaded by the tool, execute arbitrary code on the victim's system.

Impact Analysis

The impact of this vulnerability is that an attacker can execute arbitrary code on your system by tricking the model averaging tool into loading malicious checkpoint files. This could lead to unauthorized actions such as data theft, system compromise, or further malware installation, depending on the attacker's intent and the privileges of the user running the tool.

Mitigation Strategies

To mitigate this vulnerability, avoid using the average_model.py tool to load PyTorch checkpoint files from untrusted or unverified directories.

Ensure that when using torch.load() in the model averaging tool, the weights_only=True parameter is enabled to prevent insecure deserialization.

Additionally, review and validate all checkpoint files before processing them with the tool to avoid executing malicious code.
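One way to "review and validate checkpoint files before processing them", as an added example that is not part of this CVE record or of the CosyVoice project: walk the pickle opcode stream of each epoch_*.pt file with pickletools.genops, collect every global the stream would import, and refuse any file whose references fall outside an allowlist, all without unpickling anything. The allowlist below is an illustrative assumption (narrower than the unpickler torch uses for weights_only=True); the sample files it is run on are constructed in a temporary directory and are not real CosyVoice checkpoints.

```python
"""Static pre-load audit for PyTorch checkpoint files (added example).

Nothing in the file is executed: only the opcode stream is inspected, so a
hostile checkpoint cannot run code during the audit. Both layouts that
torch.save() has produced are handled: a zip archive with a *.pkl member
(current) and a bare pickle stream (legacy).
"""
import glob
import os
import pickle
import pickletools
import tempfile
import zipfile

# Assumed allowlist: what a plain state_dict checkpoint needs and nothing else.
SAFE_GLOBALS = frozenset({
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("torch", "HalfStorage"),
    ("torch", "BFloat16Storage"),
    ("torch", "LongStorage"),
})

_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def pickle_globals(data: bytes) -> set:
    """Return every (module, name) pair the pickle stream would resolve.

    GLOBAL and INST carry "module name" inline. STACK_GLOBAL (protocol 4+)
    takes the two most recently pushed strings, which may arrive through
    the memo, so PUT/GET/MEMOIZE are tracked. Anything unresolvable is
    recorded as None so that it fails the allowlist check (fail closed).
    """
    refs = set()
    strings = []   # strings pushed onto the stack, in order
    memo = {}      # memo slot -> string (or None for non-string values)
    last = None    # most recently pushed value, if it was a string
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in ("GLOBAL", "INST"):
            module, attr = arg.split(" ", 1)
            refs.add((module, attr))
        elif name in _STRING_OPS:
            strings.append(arg)
            last = arg
        elif name == "MEMOIZE":
            memo[len(memo)] = last
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            strings.append(last)
        elif name == "STACK_GLOBAL":
            refs.add((strings[-2], strings[-1]) if len(strings) >= 2
                     else (None, None))
        elif name in ("FRAME", "PROTO"):
            pass            # stream bookkeeping, pushes nothing
        else:
            last = None     # any other push is not a string
    return refs


def checkpoint_pickles(path: str) -> list:
    """Return the raw pickle streams a checkpoint file carries."""
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            return [zf.read(m) for m in zf.namelist() if m.endswith(".pkl")]
    with open(path, "rb") as fh:
        return [fh.read()]


def disallowed_globals(path: str, allow=SAFE_GLOBALS) -> list:
    """All (module, name) references in the file that are not allowlisted."""
    bad = set()
    for blob in checkpoint_pickles(path):
        bad |= pickle_globals(blob) - allow
    return sorted(bad, key=str)


def audit_checkpoint_dir(directory: str, pattern: str = "epoch_*.pt") -> dict:
    """Map each flagged checkpoint name to its disallowed references.

    An empty dict means every matching file passed; any entry names a file
    that must not be handed to torch.load() by the averaging tool.
    """
    report = {}
    for path in sorted(glob.glob(os.path.join(directory, pattern))):
        bad = disallowed_globals(path)
        if bad:
            report[os.path.basename(path)] = bad
    return report


def build_sample_dir() -> str:
    """Create constructed sample checkpoints in a temp dir and return its path.

    epoch_1.pt: zip layout with a benign OrderedDict (allowlisted global).
    epoch_2.pt: bare pickle referencing a global outside the allowlist
                (json.dumps here; only the reference matters, nothing runs).
    epoch_3.pt: bare pickle of a plain dict, no globals at all.
    """
    import collections
    import json
    directory = tempfile.mkdtemp(prefix="ckpt_audit_")
    state = collections.OrderedDict(w=[0.1, 0.2])
    with zipfile.ZipFile(os.path.join(directory, "epoch_1.pt"), "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(state, protocol=4))
    with open(os.path.join(directory, "epoch_2.pt"), "wb") as fh:
        fh.write(pickle.dumps(json.dumps, protocol=2))
    with open(os.path.join(directory, "epoch_3.pt"), "wb") as fh:
        fh.write(pickle.dumps({"w": [0.1, 0.2]}, protocol=4))
    return directory


if __name__ == "__main__":
    print(audit_checkpoint_dir(build_sample_dir()))  # {'epoch_2.pt': [('json', 'dumps')]}
```

Run the audit over the directory before invoking average_model.py and refuse the whole run if the report is non-empty; pair it with weights_only=True on the torch.load() call itself, since the opcode scan is a gate in front of the loader, not a replacement for the loader's own restriction.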
