Vulnerability Details CVE-2026-49121
AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket with no authentication, HMAC, or format validation. Attackers who can reach the writer XPUB endpoint on the cluster network or supply a forged Handle with an attacker-controlled remote_subscribe_addr can deliver a crafted pickle payload that executes arbitrary code simultaneously as the inference worker process on every remote reader worker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v3 Score 8.1
References
Products affected by CVE-2026-49121
-
cpe:2.3:a:amd:aiter:0.1.1
-
cpe:2.3:a:amd:aiter:0.1.10
-
cpe:2.3:a:amd:aiter:0.1.11
-
cpe:2.3:a:amd:aiter:0.1.12
-
cpe:2.3:a:amd:aiter:0.1.13
-
cpe:2.3:a:amd:aiter:0.1.14
-
cpe:2.3:a:amd:aiter:0.1.2
-
cpe:2.3:a:amd:aiter:0.1.3
-
cpe:2.3:a:amd:aiter:0.1.4
-
cpe:2.3:a:amd:aiter:0.1.5
-
cpe:2.3:a:amd:aiter:0.1.6
-
cpe:2.3:a:amd:aiter:0.1.7
-
cpe:2.3:a:amd:aiter:0.1.8
-
cpe:2.3:a:amd:aiter:0.1.9