Description
picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and execute code upon pickle.load() invocation.
Published: 2026-06-30
Score: 7.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

picklescan before 0.0.29 does not detect the built-in Python trace.Trace.runctx function when it is used inside pickle-file reduce methods, so an attacker can embed arbitrary code that executes when the attacker-controlled pickle file is loaded. The flaw allows remote code execution through unrestricted deserialization and is categorized as CWE-693: Protection Mechanism Failure.

Affected Systems

All versions of the picklescan tool released before 0.0.29 are affected. The vendor is picklescan (project name picklescan) and the product impacted is the picklescan application. No specific patch versions beyond 0.0.29 are listed, so any release earlier than that is considered vulnerable.

Risk and Exploitability

The CVSS base score of 7.6 indicates a high-severity vulnerability. The EPSS score is not available and the vulnerability is not listed in CISA's KEV catalog, but the flaw can be exploited remotely by delivering a malicious pickle file that contains a trace.Trace.runctx payload. An attacker does not need special privileges; any system that relies on picklescan to vet untrusted pickle data before loading it is at risk.

Generated by OpenCVE AI on June 30, 2026 at 23:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade picklescan to version 0.0.29 or later.
  • If an upgrade is not possible, configure your environment to ignore or filter out trace.Trace.runctx when deserializing pickle files, or use a safe deserialization library that forbids custom reduce methods.
  • Only load pickle files from trusted sources and validate file integrity before processing with picklescan.
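The second and third recommendations above describe two defensive controls: checking what a pickle file references before it is loaded, and refusing at load time to resolve anything that is not explicitly allowed. The Python below is an added example written for this page; it is not code from picklescan or from OpenCVE. It uses an allowlist instead of a deny-list, so a gap like the undetected trace.Trace.runctx entry cannot arise (a module that is not listed is never resolvable), and the pickletools-based scan lists every global a file references without executing any of it. The SAFE_GLOBALS set and the sample pickles are constructed for the example; pickling the trace.Trace class itself is only a harmless way to produce a file that references that module.

```python
import io
import pickle
import pickletools
import trace  # only used to build a harmless sample pickle that references trace.Trace
from collections import OrderedDict

# Allowlist of (module, name) globals the loader may resolve. Anything not listed is
# rejected, so there is no gadget deny-list to keep current. Constructed for this example;
# a real deployment lists exactly the classes its own file format needs.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


def referenced_globals(data: bytes) -> set[tuple[str, str]]:
    """Statically list every global a pickle references, without loading it.

    Walks the opcode stream with pickletools.genops, so no constructor or
    __reduce__ callable runs. Handles both the GLOBAL opcode (protocol <= 3)
    and STACK_GLOBAL (protocol 4+), whose module and name are the two most
    recent string constants pushed on the stack.
    """
    found: set[tuple[str, str]] = set()
    recent_strings: list[str] = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            # genops renders the operand as "module name"
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif op.name == "STACK_GLOBAL":
            # Simplification: assumes both operands were pushed as literal strings.
            # A pickle that fetches them back from the memo (BINGET) would need
            # memo tracking to resolve here.
            if len(recent_strings) >= 2:
                found.add((recent_strings[-2], recent_strings[-1]))
        elif isinstance(arg, str):
            recent_strings.append(arg)
    return found


def disallowed_globals(data: bytes) -> list[tuple[str, str]]:
    """Globals the file references that are not allowlisted; an empty list means clean."""
    return sorted(referenced_globals(data) - SAFE_GLOBALS)


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals and rejects everything else."""

    def find_class(self, module: str, name: str):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_loads(data: bytes):
    """Load pickle bytes through RestrictedUnpickler; raises UnpicklingError on a forbidden global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True if safe_loads refuses the data."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    benign = pickle.dumps(OrderedDict(a=1))
    # Constructed sample: a pickle whose only content is a reference to the trace.Trace
    # class. Plain pickle.loads would just return the class object; here it stands in
    # for any file that reaches into a module the allowlist does not cover.
    suspicious = pickle.dumps(trace.Trace)
    for label, blob in (("benign", benign), ("suspicious", suspicious)):
        print(label, "disallowed:", disallowed_globals(blob), "rejected:", is_rejected(blob))
```

Run the static scan first on any file arriving from outside, and only then hand accepted files to safe_loads; the two checks are independent, so a gap in the scanner's opcode handling is still caught by find_class at load time.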

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 22:45:00 +0000

Type | Values Removed | Values Added
Description | | picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and execute code upon pickle.load() invocation.
Title | | picklescan - Remote Code Execution via Undetected trace.Trace.runctx in Pickle Files
First Time appeared | | Mmaitre314; Mmaitre314 picklescan
Weaknesses | | CWE-693
CPEs | | cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products | | Mmaitre314; Mmaitre314 picklescan
References | |
Metrics | | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}
 | | cvssV4_0: {'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Mmaitre314 Picklescan
MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-30T22:08:17.415Z

Reserved: 2026-06-20T12:55:02.882Z

Link: CVE-2025-71352

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T23:30:04Z

Weaknesses
  • CWE-693: Protection Mechanism Failure