PT-2026-39637 · Cosyvoice · Cosyvoice

Published 2026-05-11 · Updated 2026-05-11 · CVE-2026-31252

CVSS v3.1: 5.7 Medium

Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions
CosyVoice versions prior to commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e

Description
An insecure deserialization issue exists in the model loading component. The framework uses the torch.load() function to load model weight files, such as "llm.pt", "flow.pt", and "hift.pt", without setting weights_only=True. This allows arbitrary Python objects to be deserialized through the pickle module. An attacker who provides a malicious model directory containing specially crafted files can execute arbitrary code on the system when those files are processed as the CosyVoice Web UI starts.

Recommendations
Update to a version beyond commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e.
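
Added example (not from the advisory or the CosyVoice project): a triage check for weight files such as llm.pt, flow.pt and hift.pt that lists the pickle imports a file would trigger, without unpickling it, and reports any outside an allowlist. The ALLOWED set, the UNRESOLVED marker and all function names are assumptions made for this example; the check complements loading with weights_only=True and does not replace it.

```python
import io
import pickle
import pickletools
import zipfile
from fractions import Fraction

# Assumption: the globals a plain tensor state_dict needs; adjust for your models.
ALLOWED = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2"),
           ("torch", "FloatStorage"), ("torch", "HalfStorage"), ("torch", "LongStorage")}
UNRESOLVED = ("?", "?")  # an import the scanner could not name: treat as disallowed

def pickle_globals(stream):
    """List the (module, name) imports of one pickle stream without unpickling it."""
    found, prev = set(), []
    for op, arg, _pos in pickletools.genops(stream):
        if op.name in ("GLOBAL", "INST"):            # protocols 0-3: "module name"
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":              # protocol 4+: two pushed strings
            pair = tuple(prev[-2:])
            found.add(pair if len(pair) == 2 and None not in pair else UNRESOLVED)
        if op.name not in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):
            prev.append(arg if "UNICODE" in op.name else None)
    return found

def checkpoint_globals(blob):
    """Scan a torch.save() zip archive, or back-to-back bare pickle streams."""
    found, raw = set(), io.BytesIO(blob)
    if zipfile.is_zipfile(raw):
        with zipfile.ZipFile(raw) as zf:
            pkls = [n for n in zf.namelist() if n.endswith(".pkl")]
            for name in pkls:
                found |= pickle_globals(io.BytesIO(zf.read(name)))
        return found if pkls else {UNRESOLVED}
    raw.seek(0)
    while raw.tell() < len(blob):                    # raises ValueError on junk
        found |= pickle_globals(raw)
    return found

def disallowed(blob):
    return sorted(checkpoint_globals(blob) - ALLOWED)

def make_sample(obj):
    """Constructed stand-in for a .pt file: a zip holding archive/data.pkl."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj))
    return buf.getvalue()

if __name__ == "__main__":
    print(disallowed(make_sample({"w": 1})), disallowed(make_sample(Fraction(1, 2))))
```

An empty list means only allowlisted imports were found; any other result, or a ValueError while parsing, is a reason to reject the file before it reaches torch.load().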

Fix

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2026-31252

Affected Products: Cosyvoice