CVE-2026-31251: n/a
CVE-2026-31251 is an insecure deserialization vulnerability in the gRPC server component of CosyVoice. The server loads a speech synthesis model from a user-specified directory using torch. load() without the weights_only=True parameter, enabling arbitrary Python object deserialization via pickle. An attacker can exploit this by placing malicious model files in the directory, causing arbitrary code execution during server startup. No patch or official remediation guidance is currently available. This vulnerability affects local deployments of the server and requires attacker control over the model directory path. There is no evidence of exploitation in the wild at this time.
AI Analysis
Technical Summary
CosyVoice versions up to commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e contain an insecure deserialization vulnerability (CWE-502) in their gRPC server. The vulnerability arises because the server loads speech synthesis models using torch.load() without the weights_only=True flag, allowing arbitrary Python objects to be deserialized via pickle. If an attacker can place malicious model files in the directory specified at server startup, arbitrary code can be executed on the victim system during initialization of the gRPC server.
Potential Impact
Successful exploitation results in arbitrary code execution on the victim system during gRPC server startup. This can lead to full system compromise depending on the privileges of the server process. The attack requires the attacker to supply malicious model files and influence the directory path used by the server, limiting remote exploitation scenarios. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid starting the gRPC server with model directories that could be controlled or influenced by untrusted users. Restrict access to model directories and validate inputs specifying model paths. Consider running the server with least privilege to limit impact of potential exploitation.
CVE-2026-31251: n/a
Description
CVE-2026-31251 is an insecure deserialization vulnerability in the gRPC server component of CosyVoice. The server loads a speech synthesis model from a user-specified directory using torch. load() without the weights_only=True parameter, enabling arbitrary Python object deserialization via pickle. An attacker can exploit this by placing malicious model files in the directory, causing arbitrary code execution during server startup. No patch or official remediation guidance is currently available. This vulnerability affects local deployments of the server and requires attacker control over the model directory path. There is no evidence of exploitation in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CosyVoice versions up to commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e contain an insecure deserialization vulnerability (CWE-502) in their gRPC server. The vulnerability arises because the server loads speech synthesis models using torch.load() without the weights_only=True flag, allowing arbitrary Python objects to be deserialized via pickle. If an attacker can place malicious model files in the directory specified at server startup, arbitrary code can be executed on the victim system during initialization of the gRPC server.
Potential Impact
Successful exploitation results in arbitrary code execution on the victim system during gRPC server startup. This can lead to full system compromise depending on the privileges of the server process. The attack requires the attacker to supply malicious model files and influence the directory path used by the server, limiting remote exploitation scenarios. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid starting the gRPC server with model directories that could be controlled or influenced by untrusted users. Restrict access to model directories and validate inputs specifying model paths. Consider running the server with least privilege to limit impact of potential exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a028781cbff5d86108b8f6c
Added to database: 5/12/2026, 1:50:57 AM
Last enriched: 5/12/2026, 2:11:13 AM
Last updated: 5/12/2026, 3:45:45 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.