CVE-2026-49121

AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket with no authentication, HMAC, or format validation. Attackers who can reach the writer XPUB endpoint on the cluster network or supply a forged Handle with an attacker-controlled remote_subscribe_addr can deliver a crafted pickle payload that executes arbitrary code simultaneously as the inference worker process on every remote reader worker.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/ROCm/aiter/issues/3076	Exploit Issue Tracking Mitigation
https://github.com/ROCm/aiter/pull/3170	Issue Tracking Patch
https://www.vulncheck.com/advisories/ai-tensor-engine-for-rocm-aiter-unauthenticated-rce-via-messagequeue-recv-pickle-deserialization	Third Party Advisory
https://github.com/ROCm/aiter/issues/3076	Exploit Issue Tracking Mitigation

Configurations

Configuration 1 (hide)

cpe:2.3:a:amd:aiter:*:*:*:*:*:*:*:*

History

08 Jun 2026, 14:29

Type	Values Removed	Values Added
First Time		Amd aiter Amd
CPE		cpe:2.3:a:amd:aiter::::::::
References	~~() https://github.com/ROCm/aiter/issues/3076 -~~	() https://github.com/ROCm/aiter/issues/3076 - Exploit, Issue Tracking, Mitigation
References	~~() https://github.com/ROCm/aiter/pull/3170 -~~	() https://github.com/ROCm/aiter/pull/3170 - Issue Tracking, Patch
References	~~() https://www.vulncheck.com/advisories/ai-tensor-engine-for-rocm-aiter-unauthenticated-rce-via-messagequeue-recv-pickle-deserialization -~~	() https://www.vulncheck.com/advisories/ai-tensor-engine-for-rocm-aiter-unauthenticated-rce-via-messagequeue-recv-pickle-deserialization - Third Party Advisory

02 Jun 2026, 20:16

Type	Values Removed	Values Added
References	~~() https://github.com/ROCm/aiter/issues/3076 -~~	() https://github.com/ROCm/aiter/issues/3076 -

01 Jun 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-01 19:16

Updated : 2026-06-08 14:29

NVD link : CVE-2026-49121

Mitre link : CVE-2026-49121

CVE.ORG link : CVE-2026-49121

JSON object : View

Products Affected

amd

aiter

CWE

CWE-502

Deserialization of Untrusted Data

8.1 /10