
CVE-2026-12191 - Vulnerability in Comma AI Openpilot

A vulnerability, identified as CVE-2026-12191, was found in Comma AI Openpilot 0.11. The issue affects the pickle.load/pickle.loads calls in the file selfdrive/modeld/modeld.py (Pickle Module component). Manipulation of the input leads to deserialization of untrusted data. The attack is only possible with local access. The vendor was contacted early about this disclosure but did not respond in any way.
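The weakness class behind this entry (CWE-502 via pickle.load/pickle.loads) comes from the fact that a pickle stream can name any importable global and have the loader resolve and call it. The snippet below is an added illustration, not code from openpilot or from the advisory: it puts the unrestricted call next to a hardened loader that overrides `Unpickler.find_class` with an allowlist, the mitigation pattern recommended in the Python pickle documentation. The allowlist contents, the sample payloads and the `collections.OrderedDict` stand-in for a disallowed global are all constructed for the example; nothing here reflects how modeld.py actually structures its data.

```python
import collections
import io
import pickle

# Allowlist of (module, name) pairs the loader may resolve. Any other global
# named by the stream is rejected before it is resolved, let alone called.
# Assumption (constructed for this example): the files this loader reads only
# ever contain plain Python data types.
SAFE_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "tuple"),
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytes"),
    ("builtins", "str"),
    ("builtins", "int"),
    ("builtins", "float"),
    ("builtins", "bool"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global outside SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def unsafe_load(data: bytes):
    """The pattern the advisory describes: resolves whatever the stream names."""
    return pickle.loads(data)


def safe_load(data: bytes):
    """Hardened form: same API, but globals are filtered through the allowlist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    # Constructed benign payload: built only from literal data opcodes, so it
    # never triggers find_class and loads under both loaders.
    benign = pickle.dumps({"model": "example-model", "version": 11, "weights": [0.5, 0.25]})

    # Constructed payload that references a global (collections.OrderedDict).
    # The class itself is harmless; it stands in for any callable a crafted
    # stream could name, which is exactly what the allowlist must stop.
    names_a_global = pickle.dumps(collections.OrderedDict(a=1))

    results = {"benign_safe": safe_load(benign)}
    try:
        safe_load(names_a_global)
        results["blocked"] = False
    except pickle.UnpicklingError:
        results["blocked"] = True
    # The unrestricted loader resolves the global and instantiates it.
    results["unsafe_accepts"] = isinstance(unsafe_load(names_a_global), collections.OrderedDict)
    return results


if __name__ == "__main__":
    print(demo())
```

Two points worth noting for anyone applying this to a real codebase: `find_class` is only consulted for globals, so primitive containers and scalars load regardless of the allowlist, while anything that needs a class or function (including numpy arrays, which reconstruct through `numpy.core.multiarray._reconstruct`) must be added explicitly by module and name. And the allowlist is a containment measure, not a fix for trust: where the producer of the file can be changed, a format without code execution semantics (JSON, or a tensor format that stores only raw buffers) removes the issue rather than fencing it.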

Affected Products

No affected product recorded yet.

CVSS Metrics

  • CVSS V4.0: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVSS V3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVSS V2: AV:L/AC:L/Au:S/C:C/I:C/A:C

CWE Categories

  • CWE-20
  • CWE-502

Public exploits and proof-of-concept code published on GitHub are monitored so that newly appearing exploits for this issue can be detected.


This post is licensed under CC BY 4.0 by the author.