Vulnerability Description
The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model files (.pt) from a user-specified directory (via the --model_dir argument), the code uses torch.load() without the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the Pickle module. An attacker can exploit this by providing a maliciously crafted model directory containing .pt files with embedded pickle payloads. When a victim loads this directory using CosyVoice's web interface, the malicious payload is executed, leading to remote code execution on the victim's system.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/FunAudioLLM/CosyVoice
- https://www.notion.so/CVE-2026-31232-35d1e1393188817f869cdcfce13402a8
FAQ
What is CVE-2026-31232?
CVE-2026-31232 is a vulnerability with a CVSS score of 8.8 (HIGH). The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model fi...
How severe is CVE-2026-31232?
CVE-2026-31232 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-31232?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.