Description
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims.
Published: 2026-06-23
Score: 7.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

picklescan before version 0.0.29 fails to detect malicious pickle files that employ idlelib.autocomplete.AutoComplete.fetch_completions within reduce methods, allowing attackers to embed and execute arbitrary code when those pickle files are loaded. The vulnerability is a classic instance of insecure deserialization (CWE-502) where untrusted data can cause unintended code execution.

Affected Systems

The affected product is picklescan from the mmaitre314 project; any installation using a version earlier than 0.0.29 is susceptible. The vulnerability applies to all operating systems where picklescan is run, as the issue resides in the Python package logic and not OS‑specific code.

Risk and Exploitability

The CVSS score of 7.6 indicates a high‑severity flaw, but the EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog. Attackers must supply a malicious pickle file that the victim processes, so the release stage is likely local or controlled by the user who runs picklescan. Once executed, the payload can perform arbitrary system commands, leading to full compromise of the host and any data accessed by picklescan. The absence of an EPSS score suggests limited public exploitation data, but the high CVSS and the potential for complete code execution make it a critical risk for any environment that uses picklescan to load user-provided pickles.

Generated by OpenCVE AI on June 23, 2026 at 13:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade picklescan to version 0.0.29 or later, which removes the insecure deserialization path.
  • If an upgrade is not immediately possible, restrict picklescan to only load pickle files from trusted sources, rejecting any file that is not signed or otherwise verified.
  • Consider replacing pickle usage with a safer serialization format (e.g., JSON or protocol buffers) or employ a sandboxed deserialization routine to prevent arbitrary code execution.

Generated by OpenCVE AI on June 23, 2026 at 13:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Picklescan
Picklescan picklescan
Vendors & Products Picklescan
Picklescan picklescan

Tue, 23 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 23 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Description picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims.
Title picklescan - Arbitrary Code Execution via Undetected idlelib.autocomplete.AutoComplete.fetch_completions
First Time appeared Mmaitre314
Mmaitre314 picklescan
Weaknesses CWE-502
CPEs cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products Mmaitre314
Mmaitre314 picklescan
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Mmaitre314 Picklescan
Picklescan Picklescan
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-23T15:05:15.520Z

Reserved: 2026-06-20T13:11:44.728Z

Link: CVE-2025-71376

cve-icon Vulnrichment

Updated: 2026-06-23T14:59:21.701Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T16:45:04Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data