CVE-2026-31251 | CosyVoice up to 2025-30-21 Pickle torch.load deserialization
A vulnerability has been found in CosyVoice up to 2025-30-21 and classified as critical. This vulnerability affects the function torch.load of the component Pickle Module. Performing a manipulation results in deserialization.
This vulnerability was named CVE-2026-31251. The attack needs to be approached within the local network. There is no available exploit.