CVE-2026-12191

HIGH 7.8

Comma AI Openpilot Pickle modeld.py pickle.loads deserialization

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-502 CWE-20
Vendor	comma ai
Product	openpilot
Published	Jun 14, 2026

Stay Ahead of the Next One

Get instant alerts for comma ai openpilot

Be the first to know when new high vulnerabilities affecting comma ai openpilot are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Comma AI / Openpilot

0.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/370837 vuldb.com: https://vuldb.com/vuln/370837/cti vuldb.com: https://vuldb.com/cve/CVE-2026-12191 vuldb.com: https://vuldb.com/submit/825699

Credits

🔍 khellwan (VulDB User) VulDB CNA Team