Description
picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load().
Published: 2026-06-22
Score: 7.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

picklescan before 0.0.29 does not detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity in reduce methods. An attacker can embed code that runs arbitrary commands when the file is loaded by pickle.load, giving the attacker full control of the system and compromising confidentiality, integrity, and availability.

Affected Systems

The vulnerability affects picklescan versions prior to 0.0.29, produced by mmaitre314. Users running any pre‑0.0.29 release are susceptible; newer releases contain the fix.

Risk and Exploitability

The CVSS score is 7.6 and no EPSS data is available. The vulnerability is not listed in CISA KEV. Because it is triggered when a user loads a crafted pickle file, the attack vector is local/file‑based: the attacker must deliver a malicious file to a victim who loads it with pickle.load. The impact is significant, but exploitation requires user interaction and is not a remote server‑side attack.

Generated by OpenCVE AI on June 22, 2026 at 23:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade picklescan to version 0.0.29 or later.
  • Avoid loading pickle files from untrusted sources; disable or guard pickle.load usage if the functionality is unnecessary.
  • Validate or sandbox pickle files before loading them, or replace pickle.load with a safer deserialization mechanism.
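The last two actions, validating a pickle before loading and replacing pickle.load with a safer loader, as an added Python example (not picklescan's or OpenCVE's code): a static opcode pre-check built on pickletools, and an allowlisting Unpickler whose find_class refuses every global not on an explicit list, so a reduce-method gadget such as idlelib.autocomplete.AutoComplete.get_entity is never imported, whether or not a scanner knows about it. The SAFE_GLOBALS contents and the sample streams are constructed for the demonstration.

```python
import io
import pickle
import pickletools
import datetime

# Added example (not picklescan's code): a static opcode pre-check and an
# allowlisting Unpickler for pickle streams that should carry only plain data.

# Opcodes that resolve an importable name or invoke a callable during load.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
                "REDUCE", "BUILD"}

def suspicious_opcodes(data: bytes) -> list:
    """Static scan without executing anything: (opcode, offset) of every
    code-capable opcode. An empty list means the stream is data-only."""
    return [(op.name, pos) for op, _arg, pos in pickletools.genops(data)
            if op.name in CODE_OPCODES]

# Exact (module, name) pairs the loader may resolve; anything else, including
# idlelib.autocomplete.AutoComplete.get_entity, is refused before import.
SAFE_GLOBALS = {
    ("builtins", "set"), ("builtins", "frozenset"),
    ("collections", "OrderedDict"), ("datetime", "date"),
}

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module: str, name: str):
        # Called for GLOBAL, STACK_GLOBAL and INST: the single choke point.
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")

def safe_loads(data: bytes):
    """Drop-in for pickle.loads that only resolves SAFE_GLOBALS."""
    return RestrictedUnpickler(io.BytesIO(data)).load()

def load_if_allowed(data: bytes) -> tuple:
    """Returns ('ok', object) or ('refused', reason) without raising."""
    try:
        return ("ok", safe_loads(data))
    except pickle.UnpicklingError as exc:
        return ("refused", str(exc))

# Constructed sample streams: data-only, an allowed class, and a class that is
# harmless but not on the allowlist (stands in for any unexpected global).
PLAIN = pickle.dumps({"model": "demo", "weights": [0.1, 0.2]})
ALLOWED = pickle.dumps({"when": datetime.date(2026, 6, 22)})
DENIED = pickle.dumps(datetime.datetime(2026, 6, 22))
```

For streams that should be pure data, an empty result from suspicious_opcodes is the cheapest gate; for streams that legitimately carry objects, safe_loads is the loader to use instead of pickle.load.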

Tracking


Advisories
Source | ID | Title
Github GHSA | GHSA-6w4w-5w54-rjvr | Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
History

Mon, 22 Jun 2026 22:00:00 +0000

Type | Values Removed | Values Added
Description | (none) | picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load().
Title | (none) | picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity
First Time appeared | (none) | Mmaitre314; Mmaitre314 picklescan
Weaknesses | (none) | CWE-502
CPEs | (none) | cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products | (none) | Mmaitre314; Mmaitre314 picklescan
References | (none) | (none)
Metrics | (none) | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}; cvssV4_0: {'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Updated: 2026-06-22T21:04:42.672Z

Reserved: 2026-06-20T12:55:02.882Z

Link: CVE-2025-71358

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-23T02:45:16Z

Weaknesses
  • CWE-502: Deserialization of Untrusted Data