Description
A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-14
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Comma AI Openpilot 0.11 allows a local attacker to load malicious data through the pickle.load/pickle.loads function in selfdrive/modeld/modeld.py. The untrusted deserialization can lead to arbitrary code execution with the privileges of the Openpilot process. The weakness is classified as an improper input validation and deserialization of untrusted data (CWE-20 and CWE-502).

Affected Systems

The vulnerability is limited to Comma AI’s Openpilot product, specifically version 0.11 of the software. No other versions or components are listed as affected.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity, although no EPSS score is available and the issue is not listed in the CISA KEV catalog. Because the attack requires local access and depends on the presence of untrusted pickle payloads, the exploitation likelihood is tied to physical or local network compromise. Nonetheless, the potential for code execution makes the risk significant for users running the vulnerable version.

Generated by OpenCVE AI on June 15, 2026 at 00:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a later Openpilot release (0.12 or newer) that removes or safeguards the pickle.loads usage.
  • If an upgrade is unavailable, isolate the modeld process in a sandbox with restricted permissions or disable the feature that calls pickle.loads until a fix is applied.
  • Apply input validation or switch to a safer serialization format (such as JSON) for any data that must be loaded by the modeld component.

Generated by OpenCVE AI on June 15, 2026 at 00:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 14 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacted early about this disclosure but did not respond in any way.
Title Comma AI Openpilot Pickle modeld.py pickle.loads deserialization
First Time appeared Comma Ai
Comma Ai openpilot
Weaknesses CWE-20
CWE-502
CPEs cpe:2.3:a:comma_ai:openpilot:*:*:*:*:*:*:*:*
Vendors & Products Comma Ai
Comma Ai openpilot
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Comma Ai Openpilot
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-14T23:00:08.503Z

Reserved: 2026-06-14T06:43:50.623Z

Link: CVE-2026-12191

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-14T23:16:35.993

Modified: 2026-06-14T23:16:35.993

Link: CVE-2026-12191

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-15T00:30:07Z

Weaknesses
  • CWE-20

    Improper Input Validation

  • CWE-502

    Deserialization of Untrusted Data