CVE-2026-12191

Name of the Vulnerable Software and Affected Versions Comma AI Openpilot version 0.11

Description An issue exists in the Pickle Module within the file selfdrive/modeld/modeld.py where the functions pickle.load() and pickle.loads() can be manipulated. This leads to deserialization, a process of converting a byte stream back into an object, which can be exploited by an attacker with local access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.