Description
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected as unsafe, allowing attackers to bypass Fickling's primary static safety checks. This issue has been patched in version 0.1.7.
Published: 2026-01-10
Score: 8.9 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution via bypass of static safety checks
Action: Immediate Patch
AI Analysis

Impact

Fickling is a Python pickling decompiler and static analyzer that inspects pickle files for unsafe imports. Prior to version 0.1.7 the static analyzer’s unsafe_imports() function fails to flag several high-risk Python modules, allowing malicious pickles to import these modules without detection. This defect enables attackers to bypass Fickling’s primary safety checks, potentially leading to arbitrary code execution when the analyzer proceeds with decompilation of untrusted pickle data.

Affected Systems

All installed instances of trailofbits fickling older than version 0.1.7 are vulnerable. The issue affects the unsafe_imports() component of the static analysis engine, regardless of the environment or operating system, as long as the vulnerable version is in use.

Risk and Exploitability

The CVSS score is 8.9, indicating a high severity failure to execute code. The EPSS score is less than 1%, suggesting exploitation is unlikely at this moment, and the vulnerability is not listed in the CISA KEV catalog. The most probable attack vector is the supply or execution of a malicious pickle file that imports high-risk modules; the attacker can then rely on the analyzer to overlook the danger and potentially execute the embedded code. The risk is mitigated by the fix in version 0.1.7, after which safe_imports() properly blocks high-risk imports.

Generated by OpenCVE AI on April 18, 2026 at 16:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the security patch by upgrading trailofbits fickling to version 0.1.7 or later, which addresses the unsafe import handling flaw (CWE‑184).
  • Limit the static analyzer to performing decompilation only on pickle files from trusted sources and disable analysis of untrusted data to mitigate deserialization risks (CWE‑502).
  • Audit and keep the dangerous module blocklist up to date, ensuring that high‑risk Python modules are explicitly blocked to prevent side‑effect injection (CWE‑184) and to reduce the attack surface for deserialization exploits (CWE‑502).

Generated by OpenCVE AI on April 18, 2026 at 16:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-q5qq-mvfm-j35x Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
History

Fri, 16 Jan 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:trailofbits:fickling:*:*:*:*:*:python:*:*
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Wed, 14 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 12 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Trailofbits
Trailofbits fickling
Vendors & Products Trailofbits
Trailofbits fickling

Sat, 10 Jan 2026 01:45:00 +0000

Type Values Removed Values Added
Description Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected as unsafe, allowing attackers to bypass Fickling's primary static safety checks. This issue has been patched in version 0.1.7.
Title Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
Weaknesses CWE-184
CWE-502
References
Metrics cvssV4_0

{'score': 8.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Trailofbits Fickling
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-14T19:51:31.740Z

Reserved: 2026-01-07T21:50:39.534Z

Link: CVE-2026-22609

cve-icon Vulnrichment

Updated: 2026-01-14T19:51:20.015Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-10T02:15:50.050

Modified: 2026-01-16T18:52:26.077

Link: CVE-2026-22609

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T16:45:05Z

Weaknesses