Description
picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle is loaded from untrusted sources.
Published: 2026-06-17
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in picklescan allows an attacker to execute arbitrary code on the host. It arises from unsafe deserialization of pickle files and uses obfuscated eval calls that are hidden inside callable objects accessed via getattr. The flaw is classified as CWE‑502 and enables attackers to embed malicious code that bypasses simple detection mechanisms and runs when the pickle is loaded from an untrusted source. If exploited, the attacker gains complete control of the affected system, compromising confidentiality, integrity, and availability.

Affected Systems

Picklescan versions prior to 1.0.1 are affected. The product name is picklescan, and any deployment that loads pickle data supplied by external actors is at risk.

Risk and Exploitability

The CVSS score of 9.3 indicates a critical severity. The EPSS score is <1%, suggesting that, while the exploit exists, it has low likelihood of being discovered in the wild at present, and the vulnerability is not yet listed in the CISA KEV catalog. The likely attack path involves an unauthenticated actor creating a malicious pickle file, delivering it to a vulnerable application, and triggering the load function. Because the attack does not require special privileges, any user or process capable of executing picklescan can be leveraged for exploitation.

Generated by OpenCVE AI on June 18, 2026 at 19:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade picklescan to version 1.0.1 or later, which removes the unsafe deserialization path.
  • Disallow or carefully validate any pickle files coming from untrusted sources before loading them in the application.
  • Replace unsafe pickle loads with a safer deserialization library or implement strict input validation to ensure only trusted data is processed.



Advisories
Source: Github GHSA
ID: GHSA-9m3x-qqw2-h32h
Title: picklescan missing detection by simple obfuscation of a `builtins.eval` call

History

Thu, 18 Jun 2026 04:45:00 +0000

Values Removed: none
Values Added:
Description: picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle is loaded from untrusted sources.
Title: picklescan - Arbitrary Code Execution via Obfuscated eval Call
First Time appeared: Mmaitre314; Mmaitre314 picklescan
Weaknesses: CWE-502
CPEs: cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products: Mmaitre314; Mmaitre314 picklescan
References:
Metrics:
  cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-17T15:05:03.558Z

Reserved: 2026-06-10T21:23:54.283Z

Link: CVE-2026-53874

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T19:30:15Z

Weaknesses
  • CWE-502: Deserialization of Untrusted Data