CVE-2026-12191 | Comma AI Openpilot 0.11 Pickle modeld.py pickle.load/pickle.loads deserialization

A vulnerability was found in Comma AI Openpilot 0.11 and classified as critical. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization.

This vulnerability is identified as CVE-2026-12191. The attack is only possible with local access. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More