CosyVoice Insecure Deserialization Vulnerability Leading to Remote Code Execution
Vulnerability
An insecure deserialization vulnerability has been identified in the CosyVoice project, specifically in its model loading process. The issue affects versions prior to the latest commit on March 16, 2026. The model loader deserializes arbitrary Python objects with the pickle module, so a maliciously crafted model file (.pt) carrying an embedded pickle payload is enough to trigger it. When such a file is loaded from a user-specified directory via the web interface, the embedded payload is executed during deserialization, resulting in remote code execution on the user's system.
Impact
Exploitation of this vulnerability allows for remote code execution on the victim's system.
Reproduction
To reproduce this vulnerability, place a malicious .pt file containing a pickle payload in a directory, then use the CosyVoice web interface to load the model from that directory. The embedded payload runs during deserialization, leading to remote code execution.
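The defensive check a deployer would want before a user-supplied .pt file ever reaches the loader is a static opcode scan of its pickle stream: pickletools walks the opcodes without unpickling, so any GLOBAL/STACK_GLOBAL reference outside an allowlist of tensor and container types flags the file as untrusted. This is an added example, not code from the CosyVoice project; the allowlist contents, the zip layout mimicked by make_pt, and the sample files are assumptions constructed here.

```python
"""Pre-load scan of a .pt checkpoint for pickle globals that could execute code."""
import datetime
import io
import pickle
import pickletools
import zipfile

# Globals a plain state_dict checkpoint legitimately references. Assumption: a
# minimal starting allowlist; extend it with the tensor/storage types your models use.
ALLOWED_GLOBALS = {
    "collections.OrderedDict", "torch._utils._rebuild_tensor_v2",
    "torch.FloatStorage", "torch.HalfStorage", "torch.BFloat16Storage", "torch.LongStorage",
}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "SHORT_BINSTRING", "BINSTRING"}

def extract_pickle(blob: bytes) -> bytes:
    """Return the pickle stream inside a .pt file (zip layout or legacy raw pickle)."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return blob                          # legacy torch.save output is a bare pickle
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        member = next(n for n in zf.namelist() if n.endswith("data.pkl"))
        return zf.read(member)

def disallowed_globals(stream: bytes) -> list:
    """Walk the opcodes with pickletools (never unpickles) and collect every
    imported name that is not on the allowlist."""
    found, recent = [], []
    for op, arg, _ in pickletools.genops(stream):
        if op.name in STRING_OPS:
            recent = (recent + [str(arg)])[-2:]       # STACK_GLOBAL pops module, name
        elif op.name in ("GLOBAL", "STACK_GLOBAL"):
            ref = arg.replace(" ", ".") if op.name == "GLOBAL" else ".".join(recent)
            if ref not in ALLOWED_GLOBALS:
                found.append(ref)
    return found

def safe_to_load(blob: bytes) -> bool:
    return not disallowed_globals(extract_pickle(blob))

def make_pt(obj, protocol=2) -> bytes:
    """Constructed sample: mimic torch.save's zip layout (archive/data.pkl)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj, protocol=protocol))
    return buf.getvalue()

CLEAN = make_pt({"layer.weight": [0.1, 0.2], "step": 3})
# Benign stand-in for an attacker-controlled object: any non-allowlisted callable
# reference (here datetime.timedelta, reached via REDUCE) marks the file untrusted.
UNTRUSTED = make_pt(datetime.timedelta(days=1), protocol=4)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("untrusted", UNTRUSTED)):
        print(label, disallowed_globals(extract_pickle(blob)), "safe:", safe_to_load(blob))
```

Pair the scan with `torch.load(path, weights_only=True)`, which restricts the unpickler to tensor and primitive types, so both a scan failure and a load failure stop the payload before it runs.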