CVE-2026-31252

MEDIUM · CVSS 3.1: 5.7 · EPSS 1.6%
Published May 11, 2026 · Last Modified Jun 17, 2026

Description

CosyVoice through commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading component. The framework uses torch.load() to load model weight files (e.g., llm.pt, flow.pt, hift.pt) without enabling the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by providing a malicious model directory containing specially crafted model files. When a victim starts the CosyVoice Web UI pointing to this directory, arbitrary code is executed on the victim's system during the model loading process.
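A pre-load audit for a model directory like the one described above, as an added example that is not CosyVoice or PyTorch code: it lists the globals that a zip-format checkpoint's pickle stream would import, without unpickling it, and reports any outside an allowlist. The allowlist, the function names and the sample input are assumptions constructed for illustration.

```python
import io
import pickle
import pickletools
import platform
import zipfile
from collections import OrderedDict

# Assumed allowlist for this sketch: globals a plain state_dict checkpoint references.
ALLOWED = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2"),
           ("torch", "FloatStorage"), ("torch", "HalfStorage"), ("torch", "LongStorage")}

def pickle_globals(data):
    """List (module, name) imports in a pickle stream without unpickling it."""
    found, memo, strings = [], {}, []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":  # operands are the two most recent strings
            ok = len(strings) >= 2 and all(isinstance(s, str) for s in strings[-2:])
            found.append(tuple(strings[-2:]) if ok else ("?", "?"))  # unresolved
        elif op.name in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):
            key = len(memo) if arg is None else arg  # MEMOIZE has no argument
            memo[key] = strings[-1] if strings else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            strings.append(memo.get(arg))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

def scan_checkpoint(source):
    """Return non-allowlisted globals in a zip-format checkpoint (path or file object)."""
    if not zipfile.is_zipfile(source):
        raise ValueError("not a zip-format checkpoint; treat as unverified")
    with zipfile.ZipFile(source) as zf:
        blobs = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    if not blobs:
        raise ValueError("no pickle entry found; treat as unverified")
    return [g for blob in blobs for g in pickle_globals(blob) if g not in ALLOWED]

class ConstructedProbe:
    """Constructed sample object: pickles to a reference to the harmless platform.node."""
    def __reduce__(self):
        return (platform.node, ())

def sample_checkpoint(obj, protocol=2):
    """Constructed input: an in-memory zip laid out like a torch.save archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(OrderedDict(weight=obj), protocol=protocol))
    return buf
```

The opcode walk is a triage heuristic for files such as llm.pt, flow.pt or hift.pt; it does not replace loading with weights_only=True.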

CVSS Details

Base Score: 5.7
Exploitability: 1.5
Impact: 3.7
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: Low

Threat Intelligence

EPSS Exploit Probability: 1.6% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 2

CWE-915
CWE-94 Improper Control of Generation of Code ('Code Injection')

References 2

  • https://github.com/FunAudioLLM/CosyVoice
  • https://www.notion.so/CVE-2026-31252-35d1e139318881ef8acfcd877a432569

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.