CVE-2026-49121
AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.2EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
01 jun 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket with no authentication, HMAC, or format validation. Attackers who can reach the writer XPUB endpoint on the cluster network or supply a forged Handle with an attacker-controlled remote_subscribe_addr can deliver a crafted pickle payload that executes arbitrary code simultaneously as the inference worker process on every remote reader worker.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
ROCm · aiterQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/security/cve/CVE-2026-49121https://bugzilla.redhat.com/show_bug.cgi?id=2483882https://github.com/ROCm/aiter/issues/3076https://github.com/ROCm/aiter/pull/3170https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49121.jsonhttps://www.vulncheck.com/advisories/ai-tensor-engine-for-rocm-aiter-unauthenticated-rce-via-messagequeue-recv-pickle-deserialization