CVE-2026-31251
Received Received - Intake
Insecure Deserialization in CosyVoice gRPC Server

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load() without enabling the weights_only=True security parameter. This allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by providing malicious model files within a directory. When a victim starts the gRPC server pointing to this directory, arbitrary code is executed on the victim's system during server initialization.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-20
NVD
CVE-2026-31251
EUVD
EUVD-2026-29098
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
funaudiollm cosyvoice *
funaudiollm cosyvoice 3.0
funaudiollm cosyvoice 2.0
funaudiollm cosyvoice 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, avoid starting the CosyVoice gRPC server with a user-specified directory containing untrusted or potentially malicious model files.

Ensure that the torch.load() function is used with the weights_only=True parameter enabled to prevent insecure deserialization of arbitrary Python objects.

Do not allow attackers to provide or control the model files loaded by the server.

Executive Summary

This vulnerability exists in CosyVoice's gRPC server component where it insecurely deserializes data. Specifically, when the server starts, it loads a speech synthesis model from a user-specified directory using the torch.load() function without enabling the weights_only=True security parameter. This insecure deserialization allows an attacker to craft malicious model files that, when loaded by the server, execute arbitrary Python code on the victim's system during server initialization.

Impact Analysis

The impact of this vulnerability is that an attacker can execute arbitrary code on the system running the vulnerable CosyVoice gRPC server. This can lead to full system compromise, unauthorized access, data theft, or disruption of services, depending on the attacker's intent and the privileges of the server process.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31251. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart