Description
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.
Published: 2026-06-21
Score: 7.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

picklescan before 0.0.30 fails to detect malicious pickle files that employ the idlelib.pyshell.ModifiedInterpreter.runcommand method within reduce functions, allowing an attacker to embed code that is executed when the file is deserialized. The flaw is a deserialization vulnerability (CWE-502) that results in arbitrary code execution, potentially granting full control over the system running picklescan.

Affected Systems

All instances of picklescan:picklescan with versions earlier than 0.0.30 are affected. The vulnerability is exposed whenever picklescan is relied on to vet pickle files whose reduce payloads reference this callable: the scan reports the file as clean, and the code runs when the file is later deserialized.

Risk and Exploitability

The CVSS score of 7.6 classifies this flaw as high severity. No EPSS score is available and the issue is not listed in the CISA KEV catalog, but the absence of mitigations means an attacker who can supply a malicious pickle file to the application can gain arbitrary execution. Based on the description, the attacker must supply a malicious pickle file that the victim deserializes, which can occur locally or via network input depending on how picklescan is used. Once executed, the code runs with the privileges of the picklescan process, posing a significant risk to confidentiality, integrity, and availability.

Generated by OpenCVE AI on June 21, 2026 at 16:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to picklescan 0.0.30 or later to apply the vendor fix.
  • Restrict pickle deserialization to trusted sources and validate files before loading.
  • Isolate the picklescan process in a sandbox or container to limit potential damage.
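The second recommendation above ("validate files before loading") is where a denylist scanner like picklescan is weakest: a gadget that is missing from the denylist, as idlelib.pyshell.ModifiedInterpreter.runcommand was before 0.0.30, passes the scan. The following added example (not picklescan's own code, and not from the advisory) shows the alternative a defender can apply on their own side: walk the pickle opcodes with pickletools.genops, never unpickle, and report every global the stream would import that is not on an explicit allowlist. The allowlist entries and the sample byte strings are constructed for the example.

```python
"""Allowlist-based pickle global scanner (added example, not picklescan's code).

Parses a pickle stream's opcodes with pickletools.genops without unpickling
it, and reports every (module, name) the stream would resolve that is not on
an explicit allowlist. Default-deny means a newly discovered gadget is flagged
even though no denylist knows about it yet.
"""
import pickle
import pickletools

# Allowlist assumed for this example; a real deployment enumerates the types
# its own pickles legitimately contain.
ALLOWED_GLOBALS = frozenset({
    ("builtins", "range"),
    ("builtins", "set"),
    ("collections", "OrderedDict"),
})


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Return every (module, name) pair the stream resolves via GLOBAL or STACK_GLOBAL.

    The stream is only parsed, never executed. For STACK_GLOBAL the module and
    name are the two strings pushed immediately before it, so a shadow list of
    pushed strings is enough to recover them (a simplification: non-string
    stack items are ignored, which is fine because none can sit between those
    two pushes).
    """
    found: list[tuple[str, str]] = []
    pushed_strings: list[str] = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            # genops returns the two newline-terminated fields joined by one space.
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name in {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}:
            pushed_strings.append(arg)
        elif opcode.name == "STACK_GLOBAL":
            if len(pushed_strings) < 2:
                raise ValueError("STACK_GLOBAL without module and name strings on the stack")
            found.append((pushed_strings[-2], pushed_strings[-1]))
    return found


def scan_pickle(data: bytes, allowed=ALLOWED_GLOBALS) -> list[tuple[str, str]]:
    """Return the globals that are NOT allowlisted; an empty list means the stream is clean."""
    return [g for g in referenced_globals(data) if g not in allowed]


# Constructed sample inputs (not taken from any real file).
# A protocol-0 GLOBAL opcode naming the callable from this advisory, then STOP.
# There is no REDUCE, so nothing is called, and the scanner never unpickles it.
SUSPICIOUS_SAMPLE = b"cidlelib.pyshell\nModifiedInterpreter.runcommand\n."
# A benign container pickle: no globals at all.
BENIGN_SAMPLE = pickle.dumps({"a": [1, 2]}, protocol=4)
# A protocol-4 pickle that references builtins.range via STACK_GLOBAL.
RANGE_SAMPLE = pickle.dumps(range(3), protocol=4)

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN_SAMPLE),
                          ("range", RANGE_SAMPLE),
                          ("suspicious", SUSPICIOUS_SAMPLE)]:
        print(label, scan_pickle(sample) or "clean")
```

Running the scanner as a pre-load gate complements, rather than replaces, the upgrade: picklescan 0.0.30 adds this one gadget to its denylist, while the allowlist gate rejects any global that the application did not expect, including the next one nobody has catalogued yet.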


Advisories

No advisories yet.

History

Sun, 21 Jun 2026 18:30:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Picklescan; Picklescan picklescan
Vendors & Products  |                | Picklescan; Picklescan picklescan

Sun, 21 Jun 2026 15:00:00 +0000

Type                | Values Removed | Values Added
Description         |                | picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.
Title               |                | picklescan - Arbitrary Code Execution via Undetected idlelib.pyshell.ModifiedInterpreter.runcommand
First Time appeared |                | Mmaitre314; Mmaitre314 picklescan
Weaknesses          |                | CWE-502
CPEs                |                | cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products  |                | Mmaitre314; Mmaitre314 picklescan
References          |                |
Metrics             |                | cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-21T13:26:49.422Z

Reserved: 2026-06-20T12:55:02.882Z

Link: CVE-2025-71357

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-21T18:15:04Z

Weaknesses
  • CWE-502: Deserialization of Untrusted Data