CVE-2026-31232 · HIGH 8.8 · EPSS p36.2%


Description

The CosyVoice project through commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model files (.pt) from a user-specified directory (via the --model_dir argument), the code calls torch.load() without the security-restrictive weights_only=True parameter. This allows arbitrary Python objects to be deserialized via the pickle module. An attacker can exploit this by providing a maliciously crafted model directory containing .pt files with embedded pickle payloads. When a victim loads this directory using CosyVoice's web interface, the malicious payload is executed, leading to remote code execution on the victim's system.
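A pre-load check for the .pt files described above, as an added example (not CosyVoice or PyTorch code): it lists the globals each pickle stream would import without unpickling anything. The allowlist, the `archive/data.pkl` member name and the sample streams are assumptions constructed for illustration.

```python
import io
import pickle
import pickletools
import zipfile

# Assumed allowlist for illustration only; not PyTorch's weights_only list.
ALLOWED = {"collections.OrderedDict", "torch._utils._rebuild_tensor_v2",
           "torch.FloatStorage", "torch.HalfStorage", "torch.LongStorage"}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}

def pickle_imports(data):
    """List the globals a pickle stream would import, without unpickling it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":        # protocols 0-3: arg is "module name"
            found.append(arg.replace(" ", ".", 1))
        elif op.name == "STACK_GLOBAL":  # protocol 4+: module and name are the
            found.append(".".join(strings[-2:]))  # last two strings (heuristic)
    return found

def scan_pt(blob):
    """Return the non-allowlisted imports in a zip-format .pt file (bytes)."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        raise ValueError("not a zip-format checkpoint; refusing to assess it")
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return sorted({g for s in streams for g in pickle_imports(s)
                   if g not in ALLOWED})

def make_pt(pkl):
    """Wrap a pickle stream the way a zip-format checkpoint stores it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pkl)
    return buf.getvalue()

# Constructed samples; both "suspect" streams only reference builtins.len.
BENIGN = make_pt(b"\x80\x02ccollections\nOrderedDict\n)R.")
SUSPECT_P2 = make_pt(b"\x80\x02cbuiltins\nlen\n.")
SUSPECT_P4 = make_pt(pickle.dumps(len, protocol=4))

if __name__ == "__main__":
    for name, blob in [("benign", BENIGN), ("p2", SUSPECT_P2), ("p4", SUSPECT_P4)]:
        print(name, scan_pt(blob) or "only allowlisted imports")
```

A scan like this is a triage aid for model directories from untrusted sources; loading with weights_only=True remains the control the description points to.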

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.46% probability of exploitation · percentile 36.2% · 2026-06-19T12:03:05Z
Published: 2026-05-12
Last modified: 2026-05-14

Underlying weaknesses · 1

CWE-502

References

  1. https://github.com/FunAudioLLM/CosyVoice
  2. https://www.notion.so/CVE-2026-31232-35d1e1393188817f869cdcfce13402a8


Type | Target | Confidence | Tier
Weakness | Deserialization of Untrusted Data (cwe-502) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-31214
  2. CVE-2025-43850
  3. CVE-2026-31224
  4. CVE-2025-43846
  5. CVE-2026-31222
  6. CVE-2025-43847

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.