CVE-2026-49121

Source
https://cve.org/CVERecord?id=CVE-2026-49121
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-49121.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-49121
Published
2026-06-01T17:09:18.607Z
Modified
2026-07-08T08:18:42.254177318Z
Severity
  • 9.2 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization
Details

AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket with no authentication, HMAC, or format validation. Attackers who can reach the writer XPUB endpoint on the cluster network or supply a forged Handle with an attacker-controlled remotesubscribe_addr can deliver a crafted pickle payload that executes arbitrary code simultaneously as the inference worker process on every remote reader worker.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/49xxx/CVE-2026-49121.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-502"
    ]
}
References

Affected packages

Git / github.com/rocm/aiter

Affected ranges

Type
GIT
Repo
https://github.com/rocm/aiter
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:amd:aiter:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.1.14"
        }
    ]
}

Affected versions

v0.*
v0.1.12.post1
v0.1.14
v0.1.14-rc0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-49121.json"