CVE-2026-31252
Insecure Deserialization in CosyVoice Model Loading
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cosyvoice | cosyvoice | * |
| funaudiollm | cosyvoice | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-31252 is an insecure deserialization vulnerability in CosyVoice's model loading component. The software uses the torch.load() function to load model weight files without enabling the security-restrictive parameter weights_only=True. This omission allows the deserialization of arbitrary Python objects via the pickle module.
An attacker can exploit this vulnerability by providing a malicious model directory containing specially crafted model files. When a user starts the CosyVoice Web UI pointing to this malicious directory, arbitrary code is executed on the victim's system during the model loading process.
How can this vulnerability impact me?
This vulnerability can lead to arbitrary code execution on the victim's system. An attacker who successfully exploits it can run malicious code with the privileges of the user running the CosyVoice Web UI.
Potential impacts include system compromise, data theft, unauthorized access, and disruption of services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, always pass the security-restrictive parameter weights_only=True when loading model weight files with torch.load().
Ensure that the CosyVoice Web UI does not point to untrusted or malicious model directories containing specially crafted model files.
Update the CosyVoice framework to a version that includes the fix for this insecure deserialization vulnerability, if available.
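The following added example (not CosyVoice or PyTorch code) illustrates the defensive principle behind weights_only=True using only the standard library: a restricted unpickler that refuses any class or function reference not on a small allowlist, so a weights file containing arbitrary objects is rejected before any constructor runs. The allowlist, the sample weight blobs and the function names are constructed for this illustration; torch's real allowlist is larger and is not reproduced here.

```python
import collections
import datetime
import io
import pickle

# Hypothetical allowlist of globals a plain weights file may reference.
# Modelled on the idea behind torch.load(weights_only=True); NOT torch's list.
SAFE_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    ("builtins", "set"), ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that blocks every global lookup outside SAFE_GLOBALS.

    pickle calls find_class() whenever the stream references a module-level
    name; raising here stops the load before the named object is used.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global reference {module}.{name}")


def load_weights(blob: bytes):
    """Deserialize a weights blob with the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def can_load(blob: bytes) -> bool:
    """True if the blob deserializes under the restriction, False if blocked."""
    try:
        load_weights(blob)
        return True
    except pickle.UnpicklingError:
        return False


# Constructed sample inputs (no real model files involved):
# 1. A plain state dict of name -> list of floats: only containers and primitives.
CLEAN_STATE_DICT = pickle.dumps({"layer.weight": [0.1, 0.2], "layer.bias": [0.0]})
# 2. An OrderedDict, which pickles via a global reference that IS allowlisted.
ORDERED_STATE_DICT = pickle.dumps(collections.OrderedDict(w=[1.0]))
# 3. A blob carrying an arbitrary object (datetime.date), which pickles via a
#    global reference that is NOT allowlisted and must therefore be rejected.
ARBITRARY_OBJECT_BLOB = pickle.dumps({"created": datetime.date(2026, 5, 11)})

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN_STATE_DICT), ("ordered", ORDERED_STATE_DICT),
                        ("arbitrary object", ARBITRARY_OBJECT_BLOB)]:
        print(f"{label}: {'loaded' if can_load(blob) else 'blocked'}")
```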