Description
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling's output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. This issue has been patched in version 0.1.7.
Published: 2026-01-10
Score: 8.9 High
EPSS: < 1% Very Low
KEV: No
Impact: Code Execution via Deserialization
Action: Patch Now
AI Analysis

Impact

This vulnerability occurs because older versions of the Fickling utility do not flag Python's cProfile.run() as unsafe. As a result, a malicious pickle that uses cProfile.run() is mistakenly classified as SUSPICIOUS rather than OVERTLY_MALICIOUS. If an organization relies on Fickling as a gatekeeper before deserializing pickles, this misclassification can trick users into accepting unsafe payloads, enabling the attacker to execute arbitrary code on the target system.

Affected Systems

The affected product is Fickling by Trail of Bits. Versions up to and including 0.1.6 are vulnerable. Affected deployments include any environment where Fickling is used to pre‑screen or analyze pickles before deserialization.

Risk and Exploitability

The vulnerability has a CVSS score of 8.9, indicating a high severity impact. The EPSS score is below 1%, suggesting low current exploit probability, and it is not listed in the CISA KEV catalog. However, if an attacker can supply a malicious pickle to an environment that trusts Fickling’s output, they can trigger the embedded cProfile.run() call and gain remote code execution capability. The likely attack vector involves delivering a crafted pickle through user‑controlled input or insecure communication channels that are processed by Fickling.

Generated by OpenCVE AI on April 18, 2026 at 16:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Fickling version 0.1.7 or later to apply the official patch.
  • If Fickling is used as an input filter for pickle deserialization, remove that dependency or treat all pickle input as untrusted until an independent safety check is performed.
  • Apply additional validation when deserializing pickles, such as restricting the allowed classes or using a safe deserialization library, to prevent accidental execution of malicious payloads.

Generated by OpenCVE AI on April 18, 2026 at 16:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-p523-jq9w-64x9 Fickling Blocklist Bypass: cProfile.run()
History

Fri, 16 Jan 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:trailofbits:fickling:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Tue, 13 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 12 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Trailofbits
Trailofbits fickling
Vendors & Products Trailofbits
Trailofbits fickling

Sat, 10 Jan 2026 01:45:00 +0000

Type Values Removed Values Added
Description Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling's output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. This issue has been patched in version 0.1.7.
Title Fickling Blocklist Bypass: cProfile.run()
Weaknesses CWE-184
CWE-502
References
Metrics cvssV4_0

{'score': 8.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Trailofbits Fickling
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-13T21:49:38.169Z

Reserved: 2026-01-07T21:50:39.534Z

Link: CVE-2026-22607

cve-icon Vulnrichment

Updated: 2026-01-13T21:49:27.585Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-10T02:15:49.780

Modified: 2026-01-16T18:58:22.570

Link: CVE-2026-22607

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T16:45:05Z

Weaknesses