CVE-2026-31252
Received Received - Intake
Insecure Deserialization in CosyVoice Model Loading

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading component. The framework uses torch.load() to load model weight files (e.g., llm.pt, flow.pt, hift.pt) without enabling the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by providing a malicious model directory containing specially crafted model files. When a victim starts the CosyVoice Web UI pointing to this directory, arbitrary code is executed on the victim's system during the model loading process.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-19
NVD
CVE-2026-31252
EUVD
EUVD-2026-29099
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
cosyvoice cosyvoice *
funaudiollm fun-cosyvoice *
funaudiollm cosyvoice *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-31252 is an insecure deserialization vulnerability in CosyVoice's model loading component. The software uses the torch.load() function to load model weight files without enabling the security-restrictive parameter weights_only=True. This omission allows the deserialization of arbitrary Python objects via the pickle module.

An attacker can exploit this vulnerability by providing a malicious model directory containing specially crafted model files. When a user starts the CosyVoice Web UI pointing to this malicious directory, arbitrary code is executed on the victim's system during the model loading process.

Impact Analysis

This vulnerability can lead to arbitrary code execution on the victim's system. An attacker who successfully exploits it can run malicious code with the privileges of the user running the CosyVoice Web UI.

Potential impacts include system compromise, data theft, unauthorized access, and disruption of services.

Mitigation Strategies

To mitigate this vulnerability, avoid loading model weight files using torch.load() without the security-restrictive parameter weights_only=True.

Ensure that the CosyVoice Web UI does not point to untrusted or malicious model directories containing specially crafted model files.

Update the CosyVoice framework to a version that includes the fix for this insecure deserialization vulnerability, if available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31252. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart