Description
picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution when the pickle file is loaded.
Published: 2026-06-23
Score: 7.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

picklescan versions before 0.0.29 do not detect the use of profile.Profile.runctx during pickle deserialization. If an attacker supplies a specially crafted pickle file that calls profile.Profile.runctx via its reduce method, the function is executed and arbitrary code runs on the system that loads the file. The flaw provides direct remote code execution because the malicious payload runs with the privileges of the user executing picklescan.

Affected Systems

All installations of picklescan earlier than version 0.0.29 are vulnerable. This includes any user or service that loads pickle files using the default deserialization routines of this package.

Risk and Exploitability

The CVSS score of 7.6 indicates a high severity impact. Because the attack requires the attacker to supply a pickle file that the target processes, the exploit vector is likely remote delivery to an application that relies on picklescan. No EPSS score is available, and this vulnerability is not yet included in the CISA KEV catalog; however, remote code execution remains a high‑risk threat. An attacker who succeeds can fully compromise the affected system, execute arbitrary commands, and maintain persistence if desired.

Generated by OpenCVE AI on June 23, 2026 at 13:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade picklescan to version 0.0.29 or newer, where the detection of profile.Profile.runctx has been added.
  • If an upgrade cannot be performed immediately, restrict the use of picklescan to trusted data sources only, or disable the loading of untrusted pickle files entirely in the application.
  • Implement network or file‑system controls to prevent remote hosts from delivering malicious pickle files to the vulnerable environment.

Generated by OpenCVE AI on June 23, 2026 at 13:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Picklescan
Picklescan picklescan
Vendors & Products Picklescan
Picklescan picklescan

Tue, 23 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 23 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Description picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution when the pickle file is loaded.
Title picklescan - Remote Code Execution via Undetected profile.Profile.runctx
First Time appeared Mmaitre314
Mmaitre314 picklescan
Weaknesses CWE-502
CPEs cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products Mmaitre314
Mmaitre314 picklescan
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Mmaitre314 Picklescan
Picklescan Picklescan
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-23T13:56:22.833Z

Reserved: 2026-06-20T01:48:36.756Z

Link: CVE-2025-71341

cve-icon Vulnrichment

Updated: 2026-06-23T13:56:18.710Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T15:15:04Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data