SecuriTricks - CVE-2026-31251

Description

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load() without enabling the weights_only=True security parameter. This allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by providing malicious model files within a directory. When a victim starts the gRPC server pointing to this directory, arbitrary code is executed on the victim's system during server initialization.

Product(s) Impacted

Vendor	Product	Versions
Cosyvoice	Cosyvoice	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	cosyvoice	cosyvoice	/	/	/	/	/	/	/	/

References

https://github.com/FunAudioLLM/CosyVoice

https://www.notion.so/CVE-2026-31251-35d1e1393188816f9bf5f3ccea3aa16f

CVSS Score

7.3 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

View Vector String

Timeline

Published: May 11, 2026, 5:16 p.m.
Last Modified: May 12, 2026, 8:16 p.m.

Status : Deferred

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-31251