Description
PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan.
Published: 2026-06-17
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PickleScan's deserialization logic improperly allows the pty.spawn function to be used by untrusted pickle data, because it is omitted from the software's list of unsafe globals. An attacker can embed a pickle payload that imports and calls pty.spawn, causing PickleScan to execute arbitrary system commands with the process's privileges. This flaw delivers a remote code execution capability that can compromise any system running the vulnerable version of the tool.

Affected Systems

The vulnerability affects PickleScan versions prior to 0.0.33. Users running these releases are susceptible to exploitation if they process untrusted pickle files. No additional vendor or product variants are listed.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector is the delivery of malicious pickle files to be processed by PickleScan, which may occur through local file uploads or automated scan pipelines. Exploitation would allow an attacker to run arbitrary commands on the host, leading to full system compromise if no additional controls are in place.

Generated by OpenCVE AI on June 18, 2026 at 18:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official update to PickleScan 0.0.33 or later whenever it becomes available, as this version adds pty.spawn to the unsafe globals list.
  • If an immediate upgrade is not possible, quarantine the application or run it in a tightly controlled sandbox that prevents execution of external binaries, thereby mitigating the risk of arbitrary command execution.
  • Configure the environment to reject or sanitize any pickle files that contain references to the pty module before deserialization, ensuring that only trusted data is processed.
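The third action above amounts to a pre-filter: inspect a pickle's opcode stream for imports of a denylisted module before anything deserializes it. The following is an added example written for this page, not code from OpenCVE or from the PickleScan project, showing how such a filter can be built on the standard library's pickletools.genops. The denylist UNSAFE_MODULES, the function names and the byte-string samples are assumptions of the example; the samples are hand-constructed and only reference a global, nothing is ever unpickled.

```python
import pickletools
from typing import Dict, Iterator, List, Optional, Tuple

# Hypothetical denylist for this example (not PickleScan's actual list): top-level
# modules whose import from a pickle is flagged. `pty` is the module named in the
# advisory; the others are well-known pickle code-execution vectors.
UNSAFE_MODULES = frozenset({"pty", "os", "subprocess", "builtins", "sys"})

# Opcodes that push a Python str onto the unpickler stack.
_STRING_OPS = frozenset({
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
    "STRING", "BINSTRING", "SHORT_BINSTRING",
})


def iter_globals(data: bytes) -> Iterator[Tuple[str, str]]:
    """Yield (module, name) for every global the pickle would import.

    Walks the opcode stream with pickletools.genops, so nothing is deserialized.
    Handles GLOBAL (protocols 0-3, argument is "module name") and STACK_GLOBAL
    (protocol 4+, which pops the module and name strings pushed earlier,
    possibly fetched back from the memo with GET/BINGET).
    The stack model is deliberately simplified: only strings and memo
    round-trips are tracked, which is all STACK_GLOBAL's operands depend on.
    """
    pushed: List[Optional[str]] = []   # recently pushed values; non-strings become None
    memo: Dict[int, Optional[str]] = {}
    memoize_next = 0                   # MEMOIZE always uses the next free memo index
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name == "GLOBAL":
            module, attr = arg.split(" ", 1)
            yield module, attr
            pushed.append(None)        # the resolved object is not a string
        elif name == "STACK_GLOBAL":
            attr = pushed.pop() if pushed else None
            module = pushed.pop() if pushed else None
            if isinstance(module, str) and isinstance(attr, str):
                yield module, attr
            pushed.append(None)
        elif name in _STRING_OPS:
            pushed.append(arg)
        elif name == "MEMOIZE":
            memo[memoize_next] = pushed[-1] if pushed else None
            memoize_next += 1
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = pushed[-1] if pushed else None
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            pushed.append(memo.get(arg))


def find_unsafe_globals(data: bytes) -> List[str]:
    """Return 'module.name' for each imported global whose top-level module is denylisted."""
    hits: List[str] = []
    for module, attr in iter_globals(data):
        if module.split(".", 1)[0] in UNSAFE_MODULES:
            hits.append(f"{module}.{attr}")
    return hits


# Constructed sample pickles (hand-written byte strings for this example, not real files).
SAMPLES = {
    # protocol 0: GLOBAL opcode 'c' followed by "module\nname\n", then STOP
    "proto0_pty": b"cpty\nspawn\n.",
    # protocol 4: SHORT_BINUNICODE 'pty', MEMOIZE, SHORT_BINUNICODE 'spawn', MEMOIZE, STACK_GLOBAL, STOP
    "proto4_pty": b"\x80\x04\x8c\x03pty\x94\x8c\x05spawn\x94\x93.",
    # protocol 4, operands fetched back from the memo with BINGET before STACK_GLOBAL
    "proto4_memo_pty": b"\x80\x04\x8c\x03pty\x94\x8c\x05spawn\x94h\x00h\x01\x93.",
    # benign: a single unicode string, no imports at all
    "benign_str": b"\x80\x04\x8c\x05hello\x94.",
    # benign: an import from a module that is not on the denylist
    "benign_global": b"ccollections\nOrderedDict\n.",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label:16s} -> {find_unsafe_globals(blob) or 'clean'}")
```

Because the walk is purely syntactic, a file that is flagged is rejected before any loader touches it, and a file that is accepted still carries no guarantee beyond "imports nothing on this list", so the denylist must be maintained as new primitives are identified, which is exactly the gap this advisory describes.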



Advisories
Source: Github GHSA
ID: GHSA-hgrh-qx5j-jfwx
Title: Picklescan Bypasses Unsafe Globals Check using pty.spawn
History

Thu, 18 Jun 2026 16:45:00 +0000

Values added:
Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 04:45:00 +0000

Values added:
Description: PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan.
Title: PickleScan - Unsafe Globals Check Bypass via pty.spawn Function
First time appeared: Mmaitre314; Mmaitre314 picklescan
Weaknesses: CWE-693
CPEs: cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products: Mmaitre314; Mmaitre314 picklescan
References:
Metrics (cvssV3_1): {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
Metrics (cvssV4_0): {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-18T15:19:25.962Z

Reserved: 2026-06-08T20:44:31.209Z

Link: CVE-2025-71322

Vulnrichment

Updated: 2026-06-18T15:18:59.563Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T18:30:15Z

Weaknesses
  • CWE-693: Protection Mechanism Failure