CVE-2026-49121

HIGH 8.1

AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization

CVSS Score

8.1

EPSS Score

0.0%

EPSS Percentile

0th

AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket with no authentication, HMAC, or format validation. Attackers who can reach the writer XPUB endpoint on the cluster network or supply a forged Handle with an attacker-controlled remote_subscribe_addr can deliver a crafted pickle payload that executes arbitrary code simultaneously as the inference worker process on every remote reader worker.

CWE	CWE-502
Vendor	rocm
Product	aiter
Published	Jun 1, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for rocm aiter

Be the first to know when new high vulnerabilities affecting rocm aiter are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

ROCm / aiter

0 ≤ 0.1.14

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/ROCm/aiter/issues/3076 github.com: https://github.com/ROCm/aiter/pull/3170 vulncheck.com: https://www.vulncheck.com/advisories/ai-tensor-engine-for-rocm-aiter-unauthenticated-rce-via-messagequeue-recv-pickle-deserialization

Credits

YU SUN