Description
picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded.
Published: 2026-06-23
Score: 7.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

picklescan prior to 0.0.33 fails to detect malicious pickle files that invoke the numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can embed arbitrary code within a pickle payload that bypasses picklescan’s detection logic and executes when the pickle is deserialized, resulting in uncontrolled code execution. The vulnerability is a classic deserialization flaw (CWE-502).

Affected Systems

The vulnerable product is picklescan provided by mmaitre314. Any installation running picklescan versions earlier than 0.0.33 is susceptible. No additional platform or build restrictions are noted in the advisory.

Risk and Exploitability

The CVSS score of 7.6 places this flaw in the high severity range, indicating that exploitation can cause significant damage. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no confirmed exploitation yet. Attackers can gain remote code execution by delivering a crafted pickle file to any picklescan-enabled process that loads untrusted data. Because the issue is purely a deserialization flaw, exploitation does not require authentication or privilege escalation; the presence of the flaw alone is sufficient for code execution.

Generated by OpenCVE AI on June 23, 2026 at 13:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade picklescan to version 0.0.33 or later, where the detection flaw has been fixed.
  • Whitelabel or otherwise restrict the deserialization of pickle data, ensuring that only trusted sources provide pickle files to picklescan.
  • If possible, disable or remove the use of numpy.f2py.crackfortran.myeval or otherwise constrain its exposure within the application to reduce potential execution paths.

Generated by OpenCVE AI on June 23, 2026 at 13:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 23 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Description picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded.
Title picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass
First Time appeared Mmaitre314
Mmaitre314 picklescan
Weaknesses CWE-502
CPEs cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products Mmaitre314
Mmaitre314 picklescan
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Mmaitre314 Picklescan
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-23T14:32:10.117Z

Reserved: 2026-06-20T13:01:42.505Z

Link: CVE-2025-71365

cve-icon Vulnrichment

Updated: 2026-06-23T14:32:03.304Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T17:15:04Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data