{"data":{"id":"ead52407-13db-4d52-876e-762e4152784f","title":"CVE-2026-31250: CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnera","summary":"CosyVoice, a voice synthesis tool, has a vulnerability in its model averaging feature where it loads PyTorch checkpoint files (serialized machine learning model files) using an unsafe method that can execute arbitrary code. An attacker can create malicious checkpoint files that, when processed by the tool, will run code on the victim's computer without permission.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-31250","publishedAt":"2026-05-11T17:16:19.950Z","cveId":"CVE-2026-31250","cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["model_poisoning","supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["CosyVoice"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-11T17:16:19.950Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}