CVE-2026-49121

CRITICAL EPSS 59.9%
Published Jun 1, 20264w ago · Modified Jun 17, 20261w ago
9.2 CVSS 4.0
Critical
Find Similar
Published Jun 1, 2026 4w ago
Last Modified Jun 17, 2026 1w ago

Description

AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket with no authentication, HMAC, or format validation. Attackers who can reach the writer XPUB endpoint on the cluster network or supply a forged Handle with an attacker-controlled remote_subscribe_addr can deliver a crafted pickle payload that executes arbitrary code simultaneously as the inference worker process on every remote reader worker.

CVSS Details

Base Score
9.2
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
59.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-502 Deserialization of Untrusted Data Validation

Affected Products 1

VendorProductVersionRange
amdaiter* ≤0.1.14

References 3

  • github.com https://github.com/ROCm/aiter/issues/3076
    ExploitIssue TrackingMitigation
  • github.com https://github.com/ROCm/aiter/pull/3170
    Issue TrackingPatch
  • vulncheck.com https://www.vulncheck.com/advisories/ai-tensor-engine-for-rocm-aiter-unauthenticated-rce-via-messagequeue-recv-pickle-deserialization
    Third Party Advisory

Remediation

  • github.com https://github.com/ROCm/aiter/pull/3170
    Issue TrackingPatch