Description
picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().
Published: 2026-06-24
Score: 7.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from picklescan not detecting malicious idlelib.calltip.Calltip.fetch_tip calls embedded inside Python pickle files. Because the scanner does not flag this call, an attacker can craft a pickle file containing an undetected payload that executes arbitrary code when the file is loaded with pickle.load(). The flaw is a classic code injection weakness classified as CWE-95, which lets an attacker compromise the confidentiality, integrity, and availability of the affected system whenever such a pickle file is processed.

Affected Systems

The product in question is picklescan by mmaitre314. All versions prior to 0.0.29 are affected, since 0.0.29 is the release that introduced detection of the offending call. Users running any older version should consider their environment compromised until a patch or mitigation is applied.

Risk and Exploitability

The CVSS score of 7.6 indicates a high-severity flaw. Although no EPSS score is available and the vulnerability is not listed in CISA's KEV catalog, the flaw still permits remote code execution whenever an attacker can cause the application to load a malicious pickle file. The likely attack vector is the application ingesting an untrusted pickle file and deserializing it with pickle.load(), which triggers the malicious code. Because the scanner raises no detection, no further authentication or privilege check stands in the way, so exploitation is straightforward for any attacker who has a path to supply the pickle file.

Generated by OpenCVE AI on June 24, 2026 at 13:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade picklescan to 0.0.29 or later.
  • Ensure that only trusted pickle files are processed by the application, isolating or validating their source before calling pickle.load().
  • Configure the application to use alternative deserialization mechanisms or disable pickle loading for untrusted inputs.
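To make the second and third recommended actions concrete, the following is an added example, not part of the OpenCVE record and not picklescan's own code, of the allow-listed Unpickler pattern from the Python documentation: find_class is overridden so that any global reference not on a short allowlist is refused before the named module is imported. Both sample inputs are constructed here; the second is a hand-written pickle stream that only references the idlelib.calltip.Calltip class by name through the GLOBAL opcode and calls nothing, which is enough to show the check rejecting it. The SAFE_GLOBALS allowlist is an assumption for the demo and should be replaced with exactly the types a real application expects.

```python
import io
import pickle

# Constructed allowlist (assumption for this demo): the only module/name pairs
# that untrusted data is permitted to reference. frozenset is listed because the
# benign sample below contains one and pickling it emits a global reference.
SAFE_GLOBALS = {
    ("builtins", "frozenset"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup not on the allowlist.

    find_class() is the hook the unpickler calls for GLOBAL / STACK_GLOBAL
    opcodes, i.e. whenever a payload names a module attribute. Refusing here
    means the module is never imported, so nothing inside it can run.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"global '{module}.{name}' is forbidden for untrusted data"
        )


def restricted_loads(data: bytes):
    """Deserialize bytes with the allowlist enforced; raises on any other global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return (ok, value_or_reason) so a caller can log a rejection instead of crashing."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample 1: ordinary data whose only global reference is frozenset.
BENIGN = pickle.dumps(
    {"model": "demo", "epochs": 3, "tags": frozenset({"a"})}, protocol=4
)

# Constructed sample 2: a minimal pickle stream consisting of one GLOBAL opcode
# ('c', then module and name each terminated by a newline) followed by STOP ('.').
# It merely names the class from the advisory and invokes nothing; it exists only
# to show that the allowlist rejects the reference before any import happens.
SUSPICIOUS = b"cidlelib.calltip\nCalltip\n."


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        ok, result = try_load(blob)
        print(f"{label}: {'loaded' if ok else 'REJECTED'} -> {result}")
```

The allowlist approach complements scanning rather than replacing it: a scanner such as picklescan inspects the stream for known-dangerous calls, whereas the restricted unpickler denies everything it has not been told to expect, so a newly discovered gadget like the one in this advisory is blocked even before a detection signature exists.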

Generated by OpenCVE AI on June 24, 2026 at 13:31 UTC.

Advisories

  • Source: GitHub GHSA
    ID: GHSA-8r4j-24qv-fmq9
    Title: Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip

History

Wed, 24 Jun 2026 16:30:00 +0000

  Values added:
  • Metrics: ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 24 Jun 2026 12:00:00 +0000

  Values added:
  • Description: picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().
  • Title: picklescan - Remote Code Execution via Undetected idlelib.calltip.Calltip.fetch_tip
  • First Time appeared: Mmaitre314; Mmaitre314 picklescan
  • Weaknesses: CWE-95
  • CPEs: cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
  • Vendors & Products: Mmaitre314; Mmaitre314 picklescan
  • References: (none listed)
  • Metrics: cvssV3_1
    {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}
    cvssV4_0
    {'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-24T16:02:42.842Z

Reserved: 2026-06-20T12:55:02.883Z

Link: CVE-2025-71361

Vulnrichment

Updated: 2026-06-24T16:02:21.448Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T15:45:06Z

Weaknesses
  • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')