Description
picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon deserialization.
Published: 2026-06-30
Score: 7.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

picklescan prior to version 0.0.29 does not recognize the built‑in Python function profile.Profile.run when it is invoked inside pickle reduce methods. A malicious actor can craft a pickle payload that includes this function call; when the payload is deserialized by picklescan, the profile.Profile.run code executes, enabling the attacker to run arbitrary code on the target system. The vulnerability therefore provides direct access to execute commands or programs with the privileges of the running process.

Affected Systems

The vulnerability affects the picklescan package, specifically all releases older than version 0.0.29. Any deployment using picklescan before this version is susceptible. Users of picklescan 0.0.29 and later are not affected.

Risk and Exploitability

With a CVSS score of 7.6, the issue is considered high severity. Attackers must be able to supply a crafted pickle file to the vulnerable picklescan instance; no additional network access or local privileges beyond normal operation are required. Because the EPSS score is not available, the overall likelihood of exploitation cannot be quantified from the data. The vulnerability is not listed in the CISA KEV catalog, so there is no known widespread exploitation at the time of this assessment.

Generated by OpenCVE AI on June 30, 2026 at 23:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade picklescan to version 0.0.29 or newer, which includes the necessary detection logic for profile.Profile.run in pickle reduce methods.
  • Modify application logic to avoid deserializing untrusted pickle data or replace pickle with a safer serialization format whenever possible.
  • Configure the environment to log and monitor any use of pickle deserialization, ensuring that only trusted sources provide payloads to picklescan.

Generated by OpenCVE AI on June 30, 2026 at 23:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Description picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon deserialization.
Title picklescan - Arbitrary Code Execution via Undetected profile.Profile.run
First Time appeared Mmaitre314
Mmaitre314 picklescan
Weaknesses CWE-502
CPEs cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products Mmaitre314
Mmaitre314 picklescan
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Mmaitre314 Picklescan
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-30T22:08:20.846Z

Reserved: 2026-06-20T13:11:44.727Z

Link: CVE-2025-71374

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T23:30:04Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data