CVE-2026-31251
Insecure Deserialization in CosyVoice gRPC Server
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| funaudiollm | cosyvoice | * |
| funaudiollm | cosyvoice | 3.0 |
| funaudiollm | cosyvoice | 2.0 |
| funaudiollm | cosyvoice | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid starting the CosyVoice gRPC server with a user-specified directory containing untrusted or potentially malicious model files.
Ensure that torch.load() is called with weights_only=True to prevent insecure deserialization of arbitrary Python objects.
Do not allow attackers to provide or control the model files loaded by the server.
Can you explain this vulnerability to me?
This vulnerability exists in CosyVoice's gRPC server component where it insecurely deserializes data. Specifically, when the server starts, it loads a speech synthesis model from a user-specified directory using the torch.load() function without enabling the weights_only=True security parameter. This insecure deserialization allows an attacker to craft malicious model files that, when loaded by the server, execute arbitrary Python code on the victim's system during server initialization.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker can execute arbitrary code on the system running the vulnerable CosyVoice gRPC server. This can lead to full system compromise, unauthorized access, data theft, or disruption of services, depending on the attacker's intent and the privileges of the server process.