CVE 8.5 HIGH

Comma AI Openpilot Pickle modeld.py pickle.loads deserialization_CVE-2026-12191

June 14, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

Deserialization vulnerability in Comma AI Openpilot's Pickle Module

Basic Information

ID CVE-2026-12191

Source VulDB

Published Jun 14, 2026 at 23:00

Affected Product

Vendor Comma AI

Product Openpilot

Version 0.11

Affected Versions Comma AI Openpilot 0.11

CWE Classification

CWE-502 CWE-20

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Comma AI

Product Openpilot

Version 0.11

References

{
    "lastseen": "",
    "description": "A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-06-14T23:00:08.503Z",
    "modified": "2026-06-14T23:00:08.503Z",
    "type": "cve",
    "title": "Comma AI Openpilot Pickle modeld.py pickle.loads deserialization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/370837\nhttps://vuldb.com/vuln/370837/cti\nhttps://vuldb.com/cve/CVE-2026-12191\nhttps://vuldb.com/submit/825699",
    "id": "CVE-2026-12191",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502",
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "Comma AI Openpilot 0.11",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Openpilot",
    "version": "0.11",
    "vendor": "Comma AI",
    "ai_description": "Deserialization vulnerability in Comma AI Openpilot's Pickle Module",
    "ai_severity": "High",
    "ai_vendor": "Comma AI",
    "ai_product": "Openpilot",
    "ai_version": "0.11",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply