Description
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools (like picklescan) do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still reports the file as LIKELY_SAFE. This issue has been patched in version 0.1.7.
Published: 2026-01-10
Score: 8.9 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Fickling’s failure to block the ctypes and pydoc modules allows attackers to craft pickled objects that trigger a gadget chain. When such data is decompiled or analyzed, the tool can execute arbitrary code while still reporting the file as LIKELY_SAFE, giving the attacker remote code execution on the system where Fickling runs.

Affected Systems

Any installation of Trailofbits Fickling older than version 0.1.7 is vulnerable. The fix that blocks ctypes and pydoc was introduced in version 0.1.7, the first release that contains it.

Risk and Exploitability

The CVSS score of 8.9 rates the issue as high severity, but the EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, so the current probability of exploitation is low. Nonetheless, because Fickling is used by security analysts and in automated pipelines that process pickle files, an attacker who can supply a malicious pickle can activate the gadget chain and gain code execution on the analyst's machine or on any host running the tool. Exploitation requires the victim to process the crafted pickle data, so the risk is greatest where untrusted files are ingested.

Generated by OpenCVE AI on April 18, 2026 at 07:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Fickling to version 0.1.7 or later to eliminate the gadget chain
  • Restrict processing to trusted pickle files and validate them before analysis
  • Run Fickling in an isolated or sandboxed environment when handling potentially untrusted data
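
One way to carry out the "validate them before analysis" step is to list, at the opcode level and without unpickling anything, every module.attribute a file would import, and refuse files that reference the modules this advisory names. The block below is an added example written for this page, not Fickling's or picklescan's code; the deny list (which goes beyond ctypes and pydoc to a few other common gadget sources), the function names and the sample pickles are assumptions constructed here.

```python
"""Opcode-level listing of the module.attribute references a pickle would
import, used as a pre-analysis gate for untrusted pickle files.  Added example;
not Fickling's or picklescan's own code.  Nothing here unpickles the data."""
import pickle
import pickletools

# Assumed deny list: ctypes and pydoc are the two modules the advisory names;
# the others are common gadget sources a gate would refuse as well.
DENIED_MODULES = frozenset({"ctypes", "pydoc", "os", "subprocess", "builtins", "sys"})

# Opcodes that push a str operand; STACK_GLOBAL consumes the last two of them.
STRING_OPS = frozenset({"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
                        "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"})


def imported_globals(data: bytes) -> list[tuple[str, str]]:
    """Return (module, name) pairs resolved by GLOBAL or STACK_GLOBAL opcodes.

    STACK_GLOBAL operands are taken as the two most recently pushed strings,
    an approximation that is adequate for pickles produced by the stdlib."""
    refs: list[tuple[str, str]] = []
    pushed: list[str] = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            pushed.append(arg)
        elif opcode.name == "GLOBAL":          # pickletools gives "module name"
            module, name = arg.split(" ", 1)
            refs.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            if len(pushed) < 2:
                raise ValueError("STACK_GLOBAL without two string operands")
            refs.append((pushed[-2], pushed[-1]))
    return refs


def classify(data: bytes) -> tuple[str, list[str]]:
    """'UNSAFE' plus the offending dotted names if any denied top-level
    package is imported; otherwise 'NO_DENIED_IMPORTS' with an empty list."""
    hits = [f"{m}.{n}" for m, n in imported_globals(data)
            if m.split(".", 1)[0] in DENIED_MODULES]
    return ("UNSAFE", hits) if hits else ("NO_DENIED_IMPORTS", [])


# Constructed samples: a benign protocol-4 pickle of a dict, and a pickle whose
# only content is a GLOBAL opcode naming pydoc.locate (no call is made).
BENIGN = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)
SUSPECT = b"\x80\x04cpydoc\nlocate\n."

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, *classify(blob))
```

A gate like this is a complement to, not a replacement for, a maintained scanner: it only sees import references, so it still has to run before any code path that could unpickle the file.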

Advisories

Source: GitHub GHSA
ID: GHSA-5hvc-6wx8-mvv4
Title: Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
History

Fri, 16 Jan 2026 19:00:00 +0000
  Values added:
    CPEs: cpe:2.3:a:trailofbits:fickling:*:*:*:*:*:*:*:*
    Metrics (cvssV3_1): {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Tue, 13 Jan 2026 20:15:00 +0000
  Values added:
    Metrics (ssvc): {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 12 Jan 2026 14:45:00 +0000
  Values added:
    First Time appeared: Trailofbits; Trailofbits fickling
    Vendors & Products: Trailofbits; Trailofbits fickling

Sat, 10 Jan 2026 01:45:00 +0000
  Values added:
    Description: Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools (like picklescan) do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still reports the file as LIKELY_SAFE. This issue has been patched in version 0.1.7.
    Title: Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
    Weaknesses: CWE-184; CWE-502
    References:
    Metrics (cvssV4_0): {'score': 8.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-13T19:57:12.040Z

Reserved: 2026-01-07T21:50:39.534Z

Link: CVE-2026-22608

Vulnrichment

Updated: 2026-01-13T19:56:56.479Z

NVD

Status: Analyzed

Published: 2026-01-10T02:15:49.917

Modified: 2026-01-16T18:57:26.013

Link: CVE-2026-22608

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T07:30:36Z

Weaknesses