Description
picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning.
Published: 2026-06-17
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Picklescan before version 0.0.27 contains a parsing logic flaw in the function that lists global objects when processing pickle files. The flaw fails to correctly track arguments for the STACK_GLOBAL opcode, allowing an attacker to craft a pickle containing a STACK_GLOBAL opcode with its argument positioned at zero. When the scanner processes such a file it throws an unexpected exception, causing the detection routine to skip the offending pickle and report it as safe. This enables malicious pickle content to evade security controls, potentially leading to code execution or data exfiltration.

Affected Systems

The vulnerability affects the open‑source tool picklescan developed by mmaitre314. All installations running a version earlier than 0.0.27 are impacted, regardless of operating system or deployment environment.

Risk and Exploitability

The flaw carries a CVSS score of 9.3, indicating high severity, while the EPSS score is below 1%, suggesting that exploitation is unlikely but still possible. Picklescan is not listed in CISA’s KEV catalog. Attackers can exploit the vulnerability by supplying a specially crafted pickle that triggers the STACK_GLOBAL opcode exception, causing the scanner to bypass detection. The resulting security bypass could allow the attacker to deliver malicious payloads that might execute code or extract sensitive data.

Generated by OpenCVE AI on June 18, 2026 at 18:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade picklescan to version 0.0.27 or newer to apply the official patch.
  • If an upgrade is not immediately feasible, disable or quarantine pickle file processing until a fix is available.
  • Validate incoming pickle files to reject any STACK_GLOBAL opcode with a zero‑position argument.
  • Monitor scanner exception logs for unexpected errors and investigate anomalies promptly.

Generated by OpenCVE AI on June 18, 2026 at 18:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-9gvj-pp9x-gcfr Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass
History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning.
Title picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw
First Time appeared Mmaitre314
Mmaitre314 picklescan
Weaknesses CWE-391
CPEs cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products Mmaitre314
Mmaitre314 picklescan
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Subscriptions

Mmaitre314 Picklescan
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-17T17:28:10.471Z

Reserved: 2026-06-08T20:44:31.209Z

Link: CVE-2025-71325

cve-icon Vulnrichment

Updated: 2026-06-17T17:28:07.638Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T22:15:03Z

Weaknesses
  • CWE-391

    Unchecked Error Condition