CVE-2026-31252: n/a
CosyVoice contains an insecure deserialization vulnerability in its model loading component due to the use of torch. load() without the security-restrictive weights_only=True parameter. This allows an attacker to execute arbitrary code by supplying malicious model files that get deserialized when the victim loads them via the CosyVoice Web UI. The vulnerability arises from unsafe deserialization of Python objects via the pickle module. No official patch or remediation guidance is currently available, and no known exploits are reported in the wild.
AI Analysis
Technical Summary
CVE-2026-31252 is an insecure deserialization vulnerability in CosyVoice's model loading mechanism. The framework uses torch.load() to load model weight files without enabling the weights_only=True parameter, which restricts deserialization to tensor weights only. This omission allows arbitrary Python objects to be deserialized via pickle, enabling remote code execution if a victim loads a malicious model directory through the CosyVoice Web UI. The vulnerability affects versions up to the commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e dated 2025-30-21. No patch or official remediation is currently documented.
Potential Impact
An attacker who can supply a malicious model directory to a victim running the CosyVoice Web UI can achieve arbitrary code execution on the victim's system during model loading. This can lead to full system compromise depending on the victim's privileges. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should avoid loading untrusted or unauthenticated model files with CosyVoice. Restricting access to the model loading functionality and validating model sources can reduce risk.
CVE-2026-31252: n/a
Description
CosyVoice contains an insecure deserialization vulnerability in its model loading component due to the use of torch. load() without the security-restrictive weights_only=True parameter. This allows an attacker to execute arbitrary code by supplying malicious model files that get deserialized when the victim loads them via the CosyVoice Web UI. The vulnerability arises from unsafe deserialization of Python objects via the pickle module. No official patch or remediation guidance is currently available, and no known exploits are reported in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-31252 is an insecure deserialization vulnerability in CosyVoice's model loading mechanism. The framework uses torch.load() to load model weight files without enabling the weights_only=True parameter, which restricts deserialization to tensor weights only. This omission allows arbitrary Python objects to be deserialized via pickle, enabling remote code execution if a victim loads a malicious model directory through the CosyVoice Web UI. The vulnerability affects versions up to the commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e dated 2025-30-21. No patch or official remediation is currently documented.
Potential Impact
An attacker who can supply a malicious model directory to a victim running the CosyVoice Web UI can achieve arbitrary code execution on the victim's system during model loading. This can lead to full system compromise depending on the victim's privileges. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should avoid loading untrusted or unauthenticated model files with CosyVoice. Restricting access to the model loading functionality and validating model sources can reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a028781cbff5d86108b8f70
Added to database: 5/12/2026, 1:50:57 AM
Last enriched: 5/12/2026, 2:11:23 AM
Last updated: 5/12/2026, 3:02:22 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.