PT-2026-39635 · Cosyvoice · Cosyvoice
Published: 2026-05-11 · Updated: 2026-05-11 · CVE-2026-31250
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
CosyVoice versions prior to commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e
Description
An insecure deserialization issue exists in the average_model.py model averaging tool. The script uses the torch.load() function to load PyTorch checkpoint files (epoch_*.pt) without enabling the weights_only=True security parameter. This allows arbitrary Python objects to be deserialized through the pickle module (deserialization converts a byte stream back into an object). An attacker can execute arbitrary code on a system by providing malicious checkpoint files within a directory used by the tool.
Recommendations
Update to a version beyond commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e.
As a temporary workaround, restrict the use of the average_model.py tool or avoid processing checkpoint files from untrusted sources.
Fix
Deserialization of Untrusted Data
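As an added example (not part of the advisory or the CosyVoice code base), one way to triage checkpoints before any tool loads them: list the imports each zip-based checkpoint's pickle stream requests, without deserializing it, and flag anything outside an allowlist. The allowlist, the function names and the sample checkpoints are assumptions constructed for illustration.

```python
import io
import pickle
import pickletools
import zipfile

# Assumption: small illustrative allowlist; torch's weights_only loader keeps its own.
ALLOWED = {("collections", "OrderedDict"), ("torch", "FloatStorage"),
           ("torch._utils", "_rebuild_tensor_v2")}
GETS, PUTS = {"GET", "BINGET", "LONG_BINGET"}, {"PUT", "BINPUT", "LONG_BINPUT"}


def pickle_globals(data):
    """List the (module, name) imports a pickle stream requests, without loading it."""
    found, strings, memo, last = set(), [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "MEMOIZE" or op.name in PUTS:  # record the stack top in the memo
            memo[len(memo) if arg is None else arg] = last
            continue
        last = None
        if op.name in ("GLOBAL", "INST"):  # "module name" is carried inline
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":  # module and name are the last two pushes
            pair = tuple(strings[-2:])
            ok = len(pair) == 2 and all(isinstance(s, str) for s in pair)
            found.add(pair if ok else ("?", "?"))  # fail closed if unresolved
        elif op.name in GETS or isinstance(arg, str):
            last = memo.get(arg) if op.name in GETS else arg
            strings.append(last)
    return found


def scan_checkpoint(raw):
    """Return imports outside ALLOWED; non-zip or pickle-less input is flagged, not trusted."""
    if not zipfile.is_zipfile(io.BytesIO(raw)):
        return [("?", "not a zip-based checkpoint")]
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    if not streams:
        return [("?", "no pickle stream found")]
    return sorted(set().union(*map(pickle_globals, streams)) - ALLOWED)


def make_ckpt(obj):
    """Constructed sample: bytes laid out like a zip-based checkpoint."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj))
    return buf.getvalue()
```

A non-empty result means the file asks the unpickler to import something a plain weights file has no reason to need, so it should be quarantined rather than passed to a loader.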
Weakness Enumeration
Related Identifiers
Affected Products
Cosyvoice