CVE-2026-49121
HighCVSS 8.1Exploitation Probability (EPSS)
Elevated risk62th percentile - higher than 62% of all known CVEs
Summary
A vulnerability in AI Tensor Engine for ROCm (AITER) up to version 0.1.14 allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket. The lack of authentication, HMAC, and format validation in the MessageQueue.recv() function in shm_broadcast.py enables remote code execution on every remote inference worker process.
Risk Assessment
The risk involves an unauthenticated attacker gaining control over the ROCm compute cluster, potentially leading to data theft, AI model modification, or disruption of inference services.
Recommendation
Immediately update AITER to a version newer than 0.1.14, implement authentication and validation for ZMQ sockets, and restrict network access to XPUB endpoints.
Original NVD description (English source)
AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket with no authentication, HMAC, or format validation. Attackers who can reach the writer XPUB endpoint on the cluster network or supply a forged Handle with an attacker-controlled remote_subscribe_addr can deliver a crafted pickle payload that executes arbitrary code simultaneously as the inference worker process on every remote reader worker.

